From: Lee Winter on 6 Sep 2009 16:30

On Sun, Sep 6, 2009 at 3:42 PM, Sven Joachim <svenjoac(a)gmx.de> wrote:

> On 2009-09-06 21:12 +0200, John Hasler wrote:
>
> > Napoleon writes:
> >> Overwriting with zeros (or ones) once is not at all secure. It can
> >> easily be nearly 100% recovered by someone with the necessary
> >> equipment, even more so on a modern drive.
> >
> > Please provide evidence that anyone has ever done this on a modern
> > drive.
>
> Jumping into that discussion, here is evidence that this is not possible
> with modern drives:
>
> http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432

No, that is not evidence. It is an opinion; possibly a very informed opinion. But security issues often require a skeptical perspective. In this case an expert's statement that he does not know how to retrieve info from a drive is absolutely worthless in determining whether anyone else knows how to retrieve info from a drive.

> So, anyone who wants to sell his hard disk can just use
> "dd if=/dev/zero ..." and be done with it.

That will work up to the value of the information being secured. But once the value of the information reaches an upper limit then it becomes worthwhile for people to use more sophisticated techniques, and overwriting with a constant pattern becomes worthless.

There is a recently revised NIST standard for securing information. It says very little -- probably because the US government has an interest in lowering other entities' security. The previous versions of that standard were a lot more informative and useful.

BTW, no sensible person ever said that 35 passes were necessary and/or useful. A well-informed and well-intentioned expert answered a silly question and his answer boils down to the (valid) claim that it is not possible for any drive to require more than 35 passes. The total of 35 was obtained by summing all of the possible overwrite techniques for all possible drive/recording technologies. After that, many non-sensible people claimed that 35 passes was the ne-plus-ultra in disk scrubbing, which claim is both invalid and stupid.

Lee Winter
NP Engineering
Nashua, New Hampshire

From: Boyd Stephen Smith Jr. on 6 Sep 2009 16:40

In <4AA40F4C.1050007(a)attglobal.net>, Napoleon wrote:

>John Hasler wrote:
>> Napoleon writes:
>>> Overwriting with zeros (or ones) once is not at all secure. It can
>>> easily be nearly 100% recovered by someone with the necessary
>>> equipment, even more so on a modern drive.
>>
>> Please provide evidence that anyone has ever done this on a modern
>> drive.
>>
>> In any case I doubt that the OP has secrets worthy of the attention of
>> people with "the necessary equipment", whatever that may be.
>
>The FBI can do it, for instance.

Do you have any supporting evidence for this statement?

>Some data recovery companies can also
>do it.

Do you have any supporting evidence for this statement?

Both of these parties have the ability to recover physically damaged disks better than the average consumer. Here equipment is valuable, as you can replace broken parts that do not contain data. Also, you can use equipment or parts that have different behavior when errors are encountered.

Both of these parties have the ability to undelete files better than the average consumer. Here technical knowledge is valuable, based on how files are deleted by the OS (hint: the data isn't overwritten at all), and the file system journal (and other "global" information) you can often recover files that have been deleted.

>I'm sure there are many others who can, even on modern drives.

No, no one can on modern drives. The research has been done. For virtually all "data loads" on a hard drive a single over-write with zeros is irrecoverable. (If you wrote the same 128-bit pattern over and over across an entire 1TiB hard drive, (so, 2^26 copies of the same data) you might be able to recover it.)

-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss(a)iguanasuicide.net                  ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

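An added example, not part of any poster's message: a read-back check for the single zero overwrite (`dd if=/dev/zero ...`) debated in this thread, showing how a complete pass differs from one that stopped short. The image file stands in for a disk, and the function names and the marker string are constructed for illustration.

```shell
#!/bin/sh
# Verify a single-pass zero overwrite on a constructed image file.
# The image stands in for a block device; nothing here touches a real disk.

# Print the number of bytes in FILE that are not 0x00 (0 means fully zeroed).
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite FILE in place with zeros: COUNT blocks of 4096 bytes from block SEEK.
zero_range() {
    dd if=/dev/zero of="$1" bs=4096 seek="$2" count="$3" conv=notrunc 2>/dev/null
}

# Build a 1 MiB (256-block) image filled with a constructed marker string.
make_image() {
    img=$(mktemp) || return 1
    yes 'CONSTRUCTED-SECRET-RECORD' | head -c 1048576 > "$img"
    echo "$img"
}

# Complete pass: all 256 blocks overwritten, then read back.
demo_full_wipe() {
    img=$(make_image) || return 1
    zero_range "$img" 0 256
    nonzero_bytes "$img"
    rm -f "$img"
}

# Incomplete pass: the last 2 blocks are never written, as after an
# interrupted run or a wrong count; the read-back exposes the leftover data.
demo_partial_wipe() {
    img=$(make_image) || return 1
    zero_range "$img" 0 254
    nonzero_bytes "$img"
    rm -f "$img"
}

echo "full wipe, non-zero bytes left:    $(demo_full_wipe)"
echo "partial wipe, non-zero bytes left: $(demo_partial_wipe)"
```

A read-back through the operating system only covers addressable blocks; sectors the drive has remapped (the "bad blocks" caveat quoted in this thread) are outside what this check can see.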
From: Christopher Walters on 6 Sep 2009 17:40

Napoleon wrote:

> John Hasler wrote:
>> I wrote:
>>> If you want to destroy all the data for security purposes install and
>>> use shred. It will take quite a while on a large disk.
>>
>> Ron Johnson writes:
>>> This really is a myth.
> [snip]
> (Should have gone to the list but I screwed up the first time - sorry).
>
> Overwriting with zeros (or ones) once is not at all secure. It can
> easily be nearly 100% recovered by someone with the necessary
> equipment, even more so on a modern drive.
>
> Overwriting multiple times with random data provides higher security.
> Physical destruction of the disk (i.e. melting or physically shredding
> the disk) is the only sure-fire security.

I recall this discussion before. There is a way to eliminate the contents of a hard disk without physical destruction. A powerful enough EMP (electro-magnetic pulse) aimed at the drive would be enough to permanently erase the contents.

However, I doubt that anyone here has data on their drives sensitive enough for a government to want it (they have the equipment to retrieve data, barring physical destruction or EMP). Wiping a hard drive is usually enough, if you are going to sell it or give it away.

Chris

From: Christopher Walters on 6 Sep 2009 18:00

Lee Winter wrote:

> On Sun, Sep 6, 2009 at 3:42 PM, Sven Joachim <svenjoac(a)gmx.de> wrote:
>
> [snip]
>
>     Jumping into that discussion, here is evidence that this is not
>     possible with modern drives:
>
>     http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432
>
> No, that is not evidence. It is an opinion; possibly a very informed
> opinion. But security issues often require a skeptical perspective.
> In this case an expert's statement that he does not know how to
> retrieve info from a drive is absolutely worthless in determining
> whether anyone else knows how to retrieve info from a drive.
>
> [snip]
>
> That will work up to the value of the information being secured. But
> once the value of the information reaches an upper limit then it
> becomes worthwhile for people to use more sophisticated techniques,
> and overwriting with a constant pattern becomes worthless.
>
> There is a recently revised NIST standard for securing information.
> It says very little -- probably because the US government has an
> interest in lowering other entities' security. The previous versions
> of that standard were a lot more informative and useful.
>
> BTW, no sensible person ever said that 35 passes were necessary and/or
> useful. A well-informed and well-intentioned expert answered a silly
> question and his answer boils down to the (valid) claim that it is not
> possible for any drive to require more than 35 passes. The total of
> 35 was obtained by summing all of the possible overwrite techniques
> for all possible drive/recording technologies. After that, many
> non-sensible people claimed that 35 passes was the ne-plus-ultra in
> disk scrubbing, which claim is both invalid and stupid.
>
> Lee Winter
> NP Engineering
> Nashua, New Hampshire

Not a fan of Peter Gutmann, I take it. He is pretty well known in the fields of computer security and data deletion.

Here is a link to his paper.

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Chris

From: Zac Slade on 6 Sep 2009 18:00

On Sun, Sep 6, 2009 at 3:08 PM, Boyd Stephen Smith Jr. <bss(a)iguanasuicide.net> wrote:

> In <4AA40AC8.2050804(a)attglobal.net>, Napoleon wrote:
> >John Hasler wrote:
> >> I wrote:
> >>> If you want to destroy all the data for security purposes install and
> >>> use shred. It will take quite a while on a large disk.
> >>
> >>> Ron Johnson writes:
> >>>> This really is a myth.
> >>
> >>> What is?
> >>
> >> In actual fact, overwriting with zeros once probably suffices for a
> >> modern drive (but there is the problem of bad blocks...)
> >
> >(Should have gone to the list but I screwed up the first time - sorry).
> >
> >Overwriting with zeros (or ones) once is not at all secure.
>
> This is totally, absolutely a myth. The 1996 paper used a recovery technique
> that doesn't work on modern drives, and admitted that only one random write
> would likely be more than enough to prevent recovery. More recently, actual
> research was done on the topic, and a single-pass, fixed-pattern (all zeros)
> was still impossible to recover more than a few bytes from a modern hard
> drive.
>
> Zac, do you have the URL for that paper handy? I know you sent it out end of
> last year or the beginning of this one, but I seem to have misplaced it.

Yes I've attached the research paper titled "Overwriting Hard Drive Data: The Great Wiping Controversy" (PDF) that shows this is only a myth. These guys did the work and it's very enlightening. See the chart on page 10 to see how impossible it is to recover bits from an overwritten drive.

-- 
Zac Slade
krakrjak(a)gmail.com