lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060207154437.700fad30.gimeshell@web.de>
Date: Tue Feb  7 14:44:39 2006
From: gimeshell at web.de (gimeshell@....de)
Subject: Gutmann's research paper today

Hi,

i'm trying to view Gutmann's paper "Secure Deletion of Data from
Magnetic and Solid-State Memory" from today's point of view and
wondering which information brought in this paper applies to modern
effort to securely erase sensitive data.

That is what he said, which may be of especial interest:

"In the time since this paper was published, some people have treated
the 35-pass overwrite technique described in it more as a kind of
voodoo incantation to banish evil spirits than the result of a
technical analysis of drive encoding techniques. As a result, they
advocate applying the voodoo to PRML and EPRML drives even though it
will have no more effect than a simple scrubbing with random data. In
fact performing the full 35-pass overwrite is pointless for any drive
since it targets a blend of scenarios involving all types of
(normally-used) encoding technology, which covers everything back to 30
+-year-old MFM methods (if you don't understand that statement, re-read
the paper). If you're using a drive which uses encoding technology X,
you only need to perform the passes specific to X, and you never need
to perform all 35 passes. For any modern PRML/EPRML drive, a few passes
of random scrubbing is the best you can do. As the paper says, "A good
scrubbing with random data will do about as well as can be expected".
This was true in 1996, and is still true now."

So there aren't any capable patterns to be written on modern PRML/EPRML
drives to reach best results in sensitive data destruction?
He explicitely stated to use "a few passes of random scrubbing".

Am i misunderstanding something or you can really say, if you're
writing to a modern disk, forget all special scrubbing technologies,
don't use Gutmann, don't use DoS 5220.22M or other pattern writing
technologies, only a few passes of random scrubbing will do the job?

regards

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ