lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200507230827.j6N8RsDk016360@vaticaan.Holland.Sun.COM>
Date: Sat, 23 Jul 2005 10:27:54 +0200
From: Casper.Dik@....COM
To: Volker Tanger <vtlists@...e.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: Peter Gutmann data deletion theaory?



>His theory no longer does hold true. His 1996 paper is available at
>http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html, targeting
>MFM and RLL disk technology, where a typical 5.25" disk held 20-80MB
>(yes, MEGAbyte, not GB). His recommendations were based on old magnetic
>disc technology where each bit was represented by the magnetical
>orientation on the platter (north=1, south=0). After that came other
>technologies, where bits are defined by changes of the magnetic field
>even down to probabilistic field measurements - which allowes tighter
>data packing but rendered the base of his recommendations useless.

Overwriting the data a couple of times seems to be relatively effective
for modern disks.

In my opninion, the best way to destroy your data is to keep it
encrypted and then destroy the keys.

Recovery will succeed in only recovering a fraction of the data;
but with an unknown key and a typical encryption algorithm where
a single bit changed in the input changes all bits in the output,
recovery will need to find quite a bit more than the 1 bit per byte
required to recover typical text.

>OTOH I have seen one company with a *really* thorough disk & tape 
>cleaning technique: 
>
>	1. writing zeroes all over
>	2. low level format
>	3. shredding the disc drive into small pieces
>	4. magnet treatment of the scrap metal
>	5. burning in their own waste incinerating plant


Note that many of the people using such technologies do this
to prevent against future breakthrouhgs in recovery technology.
So it's required only for data with a long half-life.

Casper


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ