lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001f01c58e37$ebfe6370$0463a8c0@traveler>
Date: Thu, 21 Jul 2005 23:05:27 +0200
From: "D. Weiss" <David@...dgw.net>
To: "'Jared Johnson'" <jaredsjazz@...oo.com>,
	<focus-ms@...urityfocus.com>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: Peter Gutmann data deletion theaory?


Though smelting  of course will clean them, your average rotary sander will
take the medium off the disk quite as well. I suppose that someone somewhere
will tell you that if all the kings horses and all the kings men try to put
the sanded off dust back together again, someone could read your data, but I
think it would be a number of magnitudes more difficult than putting finely
chopped chaff back together again.

Peter's whole point is that if you have unlimited time, unlimited resources,
then an infinite number of monkeys typing randomly on an infinite number of
typewriters will one day produce the works of Shakespeare. Will someone
devote that effort to your old drive?

The big question to ask is "If they DO devote the level of effort necessary,
will they find anything I don't want them to have?" If yes, then take strong
steps to defeat them. Don't statistically determine your danger - make it as
close to zero as you can. If economics says you can't send them off to the
smelters (who may be recovering the data and selling it and then melting the
drive, profiting on both sides of the fence) give Jesse the Java Wizard an
additional task of opening and sanding the platters off. Now you can use the
platters on award plaques and the magnets are wicked strong and can hold
large amounts of documents to the frig door.

If the answer is no, Norton wipe them three times and re-use them.

Peters whole work is about estimates and averages, and just like logarithms,
you can do a damned site closer to perfectly right than one would commonly
think. There is a danger. You CAN read a disk overwritten x number of times.
Don't ask "If they did this", ask do I care if they did this.

But sanding the platters and spreading the dust into a couple bins should
really stop them, until Peter comes up with a way to put the dust back on
the platters.

Peter, You aren't efforting that as we email, are you?  :-)

Weiss

-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@...oo.com]
Sent: Thursday, July 21, 2005 01:49
To: focus-ms@...urityfocus.com
Cc: bugtraq@...urityfocus.com
Subject: Peter Gutmann data deletion theaory?


All,

Do you all agree with Peter Gutman's conclusion on his theory that data can
never really be erased, as noted in his quote below:

"Data overwritten once or twice may be recovered by subtracting what is
expected to be read from a storage location from what is actually read. Data
which is overwritten an arbitrarily large number of times can still be
recovered provided that the new data isn't written to the same location as
the original data (for magnetic media), or that the recovery attempt is
carried out fairly soon after the new data was written (for RAM). For this
reason it is effectively impossible to sanitise storage locations by simple
overwriting them, no matter how many overwrite passes are made or what data
patterns are written. However by using the relatively simple methods
presented in this paper the task of an attacker can be made significantly
more difficult, if not prohibitively expensive."

It seems that the perhaps the only real way to rid your Hard Drives of data
is to burn them.

I'd love to hear some thoughts on this from security and data experts out
there.





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ