lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 26 Jan 2010 13:26:58 -0500
From: Valdis.Kletnieks@...edu
To: T Biehn <tbiehn@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

On Tue, 26 Jan 2010 11:11:52 EST, T Biehn said:
> Overwritten files require analysis with a 'big expensive machine.'

Assuming a disk drive made this century, if the block has actually been
overwritten with any data even *once*, it is basically unrecoverable using any
available tech.

Proof: In a decade of looking, I haven't found a *single* data-recovery outfit
that claimed to recover from even a single overwrite.  Blown partition table?
No problem. Metadata overwritten, data not? We can scavenge the blocks. Disk
been in a fire? Flood? Run over by truck? Sure. We can go in and scavenge the
individual intact bits with big expensive machines. Overwritten? <crickets>.

Seriously - lot of companies can recover data by reading the magnetic fields of
intact data.  But anybody know of one that claims it can recover actual
over-writes, as opposed to "damn we erased it" or "damn the first part of the
disk is toast"?

No?  Nobody knows of one?  I didn't think so.

20 or 25 years ago, it may still have been feasible to use gear to measure the
residual magnetism in the sidebands after an over-write.   However, those
sidebands have shrunk drastically, as they are the single biggest problem when
trying to drive densities higher.  You can't afford a sideband anymore - if
you have one, it's overlapping the next bit.

There *may* be some guys inside the spook agencies able to recover overwrites.
But you don't need to worry about any evidence so recovered ever being used
against you in a court of law - as then they'd have to admit they could do it.
Just like in WWII we allowed the German U-boats to sink our convoys rather
than let them figure out we had broken Enigma, they'll let the prosecution
fail rather than admit where the data came from.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ