| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jul 2005 23:05:27 +0200 From: "D. Weiss" <David@...dgw.net> To: "'Jared Johnson'" <jaredsjazz@...oo.com>, <focus-ms@...urityfocus.com> Cc: <bugtraq@...urityfocus.com> Subject: RE: Peter Gutmann data deletion theaory? Though smelting of course will clean them, your average rotary sander will take the medium off the disk quite as well. I suppose that someone somewhere will tell you that if all the kings horses and all the kings men try to put the sanded off dust back together again, someone could read your data, but I think it would be a number of magnitudes more difficult than putting finely chopped chaff back together again. Peter's whole point is that if you have unlimited time, unlimited resources, then an infinite number of monkeys typing randomly on an infinite number of typewriters will one day produce the works of Shakespeare. Will someone devote that effort to your old drive? The big question to ask is "If they DO devote the level of effort necessary, will they find anything I don't want them to have?" If yes, then take strong steps to defeat them. Don't statistically determine your danger - make it as close to zero as you can. If economics says you can't send them off to the smelters (who may be recovering the data and selling it and then melting the drive, profiting on both sides of the fence) give Jesse the Java Wizard an additional task of opening and sanding the platters off. Now you can use the platters on award plaques and the magnets are wicked strong and can hold large amounts of documents to the frig door. If the answer is no, Norton wipe them three times and re-use them. Peters whole work is about estimates and averages, and just like logarithms, you can do a damned site closer to perfectly right than one would commonly think. There is a danger. You CAN read a disk overwritten x number of times. Don't ask "If they did this", ask do I care if they did this. But sanding the platters and spreading the dust into a couple bins should really stop them, until Peter comes up with a way to put the dust back on the platters. Peter, You aren't efforting that as we email, are you? :-) Weiss -----Original Message----- From: Jared Johnson [mailto:jaredsjazz@...oo.com] Sent: Thursday, July 21, 2005 01:49 To: focus-ms@...urityfocus.com Cc: bugtraq@...urityfocus.com Subject: Peter Gutmann data deletion theaory? All, Do you all agree with Peter Gutman's conclusion on his theory that data can never really be erased, as noted in his quote below: "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive." It seems that the perhaps the only real way to rid your Hard Drives of data is to burn them. I'd love to hear some thoughts on this from security and data experts out there.
Powered by blists - more mailing lists