lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100126043235.GS8056@tracyreed.org>
Date: Mon, 25 Jan 2010 20:32:35 -0800
From: Tracy Reed <treed@...raviolet.org>
To: "E. Prom" <e3prom@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

On Tue, Jan 26, 2010 at 04:26:08AM +0100, E. Prom spake thusly:
> The point is that they never get a hard-drive full of zeroes or random
> numbers, but a hard-drive that have pieces of other data under the
> zeroes or random numbers. That's why programs like "wipe" fills more
> than 20 times the hard-drive with data. But filling 20 times a whole
> disk can be very, very long, expecially if it's a 2TB USB drive. A
> "quick" wipe filling a drive only 4 times, is often enouth, but...

Fortunately, so many rewrites are not necessary and have not been for
a long time. I destroy drives containing credit card and other
personal data with just one wipe (assuming the drive is operational)
and if not I drill a few holes in it.

While investigating how to best destroy such data I happened across
some postings with some actual experimental results from trying
recover overwritten data:

http://blogs.sans.org/computer-forensics/2009/01/15/overwriting-hard-drive-data/

And some analysis of modern techniques for recovering data and their
effectiveness:

https://blogs.sans.org/computer-forensics/2009/01/28/spin-stand-microscopy-of-hard-disk-data/

Executive summary: Data overwritten once is unrecoverable on any drive
made in the last 10 years. So do a single write pass from /dev/random
on working drives.

For non-functional drives or where overwriting is not possible
drilling holes is very sufficient for any business and personal data.

For top secret data wanted by an enemy with millions to spend and you
cannot overwrite the data just once then recovery via Spin Stand
Microscopy from undamaged areas of the platter is possible at great
expense and weeks of constant work. Shattering the platter makes this
technique much harder rendering perhaps 80% of the data
unrecoverable. You are still best off with a cheap one time write of
the whole drive.

And as far as data recovery from failed drives goes this is rather
amusing:

http://blogs.sans.org/computer-forensics/2009/09/30/the-failed-hard-drive-the-toaster-oven-and-a-little-faith/

-- 
Tracy Reed
http://tracyreed.org

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ