lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 24 Jan 2010 17:55:22 -0500
From: Valdis.Kletnieks@...edu
To: Bipin Gautam <bipin.gautam@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

On Mon, 25 Jan 2010 01:09:40 +0545, Bipin Gautam said:

> So, plausible deniability solution for disk wiping?:
> 
> Let, disk wiping tools LOAD the whole WIKIPEDIA in nxn matrices and
> mix ALL the words & phrases in a random pool continuously and use THIS
> as the "Wiping passes and patterns" while they wipe the disk-space
> (instead of using random-pass or zero) and let the people who dont
> need-to-know make sense of whatever they want to pull up from the
> 'patterns' generated from the ENCYCLOPEDIA OF KNOWLEDGE & unlimited
> keywords and phrases and counter the same?

The problem is that although using Markov chains to generate pseudo-random
text, it's usually pretty obviously pseudo-random text. And in fact, they're
usually so random that it's pretty obvious it's just random words and doesn't
prove anything more or less than acres of zeros.

http://en.wikipedia.org/wiki/Dissociated_press

The problem is that every once in a while, those things actually generate
short chunks of intelligible text (especially when using a longer chain
length).  So now, instead of being able to say to the district attorney

"The disk was full of zeros, and you can't prove what was on it before".

you're now saying to him:

"What do you mean, you found the phrase 'Drop the cocaine and kiddie porn off
at my place around 9PM' on block 239349 of my hard drive?"

Generally a bad idea.

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ