lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200507260539.BAA00734@Sparkle.Rodents.Montreal.QC.CA>
Date: Tue, 26 Jul 2005 01:20:31 -0400 (EDT)
From: devnull@...ents.Montreal.QC.CA
To: bugtraq@...urityfocus.com
Subject: Re: Peter Gutmann data deletion theaory?


[The From: is a bit-bucket, thanks for the hordes of broken
autoresponders.  Use the address in my signature to reach me.]

> With point-and-click easy to use freeware tools under windows, I can
> do almost 100% retrieval of files after a full reformat,

I don't believe this for a moment.  What you probably can do is recover
data after running DOS/Windows "format".  Except on floppies, this does
not actually do a reformat; what it does do is more properly called
making a filesystem.  (The misleading name is probably due to DOS's
floppy-based origins and Windows's DOS origins.)

A reformat - a *real* reformat, as in the SCSI FORMAT UNIT command or
whatever the analog is under other interfaces - will, with the possible
exception of blocks spared out while holding sensitive data[%], erase
beyond hope of retrieval by any means short of opening up the drive -
that is, any means that uses the usual data interface to the drive.  If
you don't care about anyone with the resources and interest to open up
the drive and examine the magnetic patterns with tools more sensitive
than the disk's own read/write heads, this is almost certainly[%] all
you need to do.

But if you do, then you probably are paranoid enough that thermite (or
some equivalent that melts the drive into a puddle of liquid metal) is
the best option for you.  Multiple overwrites are *probably* enough
with modern drives - but if your data are sensitive enough for your
adversary to be willing to open the drive up in a cleanroom, melting it
down is cheap, and about as sure as you're going to get.

[%] Some drives may have commands to best-effort read spared-out
    blocks, which may leave data recoverable if the reformat believes
    the current bad-block list instead of (re)constructing it from the
    surface scan inherent in the reformat.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@...ents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ