lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 May 2010 16:08:45 -0400
To: Bipin Gautam <>
Cc: full-disclosure <>
Subject: Re: Stealthier Internet access

On Wed, 26 May 2010 01:25:25 +0545, Bipin Gautam said:

Rest of article actually looks good at first glance, but this jumped out at me:

> > -Software disk Wiping:
> >  Wipe KEY, header of your encrypted storage volume (first few mb, ref
> > specific manual) Ref using Peter Gutmann standard of data wipeing (35
> > wipes)
> > And wipe entire storage using U.S. DoD 5200.28-STD (7 wipes)

There is zero evidence that anybody is able to recover data after even a
single overwrite of /dev/zero on a disk drive made this century.  Even in
the MFM days, Gutmann's recovery technique was difficult - today's densities
render it essentially impossible.  Even if it's possible, if your threat model
includes the sort of organizations that could theoretically do it, maybe you
should be considering thermite rather than software wipes.  Especially if
they're pounding on your door. ;)

I'm more than open to hear of any *confirmed* cases of data recovered after
even a single overwrite anytime after 1995.  To date, I have not seen one.
Prove me wrong, guys. ;)

Content of type "application/pgp-signature" skipped

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists