Message-ID: <102526.1274850222@localhost>
Date: Wed, 26 May 2010 01:03:42 -0400
From: Valdis.Kletnieks@...edu
To: Bipin Gautam <bipin.gautam@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Stealthier Internet access

On Wed, 26 May 2010 10:15:32 +0545, Bipin Gautam said:
> > it's a *bad* sector, so reading and recovering the data is a bitch...
> 
> No, storing in Negative Disk, bad sector, steganography, slack space are
> all bad places to store data!

No, I meant it's usually not worth worrying that if the disk has done a
hardware assignment of a replacement sector for a *real* live actual
the-hardware-barfs-on-it bad sector, you can usually not worry about the
contents of that bad sector, as the drive hardware won't let you access it
directly anymore, redirecting you to the new replacement block.  So basically,
somebody needs to take the disk apart and start doing the clean-room data
recovery routine off the disk, trying to read 512 bytes of data at a time off
known-physically-bad areas of the disk.

And if your threat model includes adversaries that will do that, then
you *really* need to be using full-disk encryption and thermite in your
counter-defenses.  Oh, and a good countermeasure for rubber-hose crypto. ;)
