From: Lee Winter on 6 Sep 2009 20:00

On Sun, Sep 6, 2009 at 5:52 PM, Christopher Walters <cjw2004d(a)comcast.net> wrote:

> Lee Winter wrote:
> > On Sun, Sep 6, 2009 at 3:42 PM, Sven Joachim <svenjoac(a)gmx.de> wrote:
> >> [snip]
> >> Jumping into that discussion, here is evidence that this is not possible
> >> with modern drives:
> >>
> >> http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432
> >
> > No, that is not evidence. It is an opinion; possibly a very informed
> > opinion. But security issues often require a skeptical perspective. In
> > this case an expert's statement that he does not know how to retrieve info
> > from a drive is absolutely worthless in determining whether anyone else knows
> > how to retrieve info from a drive.
> >
> > [snip]
> >
> > That will work up to the value of the information being secured. But
> > once the value of the information reaches an upper limit then it becomes
> > worthwhile for people to use more sophisticated techniques, and overwriting
> > with a constant pattern becomes worthless.
> >
> > There is a recently revised NIST standard for securing information. It
> > says very little -- probably because the US government has an interest in
> > lowering other entities' security. The previous versions of that standard
> > were a lot more informative and useful.
> >
> > BTW, no sensible person ever said that 35 passes were necessary and/or
> > useful. A well-informed and well-intentioned expert answered a silly
> > question and his answer boils down to the (valid) claim that it is not
> > possible for any drive to require more than 35 passes. The total of 35 was
> > obtained by summing all of the possible overwrite techniques for all
> > possible drive/recording technologies. After that many non-sensible people
> > claimed that 35 passes was the ne-plus-ultra in disk scrubbing, which claim
> > is both invalid and stupid.
> >
> > Lee Winter
> > NP Engineering
> > Nashua, New Hampshire
>
> Not a fan of Peter Gutmann, I take it.

Incorrect.

> He is pretty well known in the fields of computer security and data
> deletion. Here is a link to his paper.
>
> http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Yup, that's the one.

Please read the first paragraph of the section entitled "Epilogue" and compare it to the summary I gave above in the last paragraph. It was my intention that they mean the same thing.

In the section entitled "Further Epilogue" he goes on to describe the hopelessness of trying to recover info from a modern drive. That section is the target of my comments re the opinion of an expert who states he does not know how to accomplish a certain task. There is absolutely nothing wrong with his statement. There is everything wrong with the reader mis-interpreting his statement as evidence or proof that the certain task is infeasible.

Case in point. A couple of years ago one of the major financial companies (3rd I think) in NYC was concerned about reducing costs. They run an IT-intensive operation so they recycle machines often. That is expensive. But a 1-or-2-year-old HD is reasonably valuable. So they wanted to recycle them rather than destroy them.

But they have _extremely_ valuable information on even their desktop drives. Many contain customer information, so, as a fiduciary, any preventable leakage would essentially put them out of business. Other drives may contain strategic information either in the form of documents or in transaction records. And of course the data-center drives are even more valuable. What's all that information worth? Many zeros. _Many_.

As an aside, shredding is a popular method of drive destruction. But modern drive densities are so high that even a shred 0.01" square can hold valuable data, so physical destruction alone is not sufficient. That may have something to do with the fact that _internal_ gov't standards allow only a very few kinds of physical destruction -- i.e., complete to the level of a minimum-sized magnetic domain of the particular recording media. Think acid, thermite, grinding/abrasion, etc.

Given the incredible value of the financial system data, how much is it worth to recover it? The modern recovery process usually has two distinct phases, one quite capital- and skill-intensive and one quite ordinary. The first phase is to build a data recovery capability (lab). That takes time, money, and skilled labor. The second phase is operating the recovery lab, which is fairly cheap. It isn't very fast though (meaning long latency, but not meaning low throughput).

Point is that once you have such a capability many unreasonable possibilities become quite reasonable. And industrial espionage is a thriving industry. Just who owns (or more importantly controls) the recycling company that hauls away your machines/drives?

Have you ever taken a drive apart, replaced the drive electronics and resold it? People do it all the time. And if the replacement happens to be a much more sophisticated board, you can read lots of things that the original drive electronics could not. If you open the sealed module to get at (replace) the HDA you can do a great deal more. If you have serious cash available, like $1e8, you can get a low-level image of the platters with an STM and turn a computing cluster loose on the image. That's just an (extremely) advanced form of OCR. C.f. "palimpsest".

Point of this mini-rant is that it is very easy to underestimate security threats. People should resist that tendency.

Disclaimer: I no longer participate in drive recycling, so I'm not "selling" anything here. Just providing a word to the wise.

Lee Winter
NP Engineering
Nashua, New Hampshire

From: Napoleon on 6 Sep 2009 22:20

Sven Joachim wrote:
> On 2009-09-06 21:12 +0200, John Hasler wrote:
>
>> Napoleon writes:
>>> Overwriting with zeros (or ones) once is not at all secure. It can
>>> easily be nearly 100% recovered by someone with the necessary
>>> equipment, even more so on a modern drive.
>> Please provide evidence that anyone has ever done this on a modern
>> drive.
>
> Jumping into that discussion, here is evidence that this is not possible
> with modern drives:
>
> http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432
>
> So, anyone who wants to sell his hard disk can just use
> "dd if=/dev/zero ..." and be done with it.
>
> Sven

Don't believe everything you read on the internet. This guy may claim to be a forensics expert, and he may claim to be able to do certain things. But he does not have a security clearance (if he did, he wouldn't be able to discuss it), and he obviously does not have access to some of the equipment available to others.

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org

From: Christopher Walters on 7 Sep 2009 05:50

Lee Winter wrote:
[snip]
> > He is pretty well known in the fields of computer security and
> > data deletion. Here is a link to his paper.
> >
> > http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
>
> Yup, that's the one.
>
> Please read the first paragraph of the section entitled "Epilogue" and
> compare it to the summary I gave above in the last paragraph. It was
> my intention that they mean the same thing.
>
> In the section entitled "Further Epilogue" he goes on to describe the
> hopelessness of trying to recover info from a modern drive. That
> section is the target of my comments re the opinion of an expert who
> states he does not know how to accomplish a certain task. There is
> absolutely nothing wrong with his statement. There is everything
> wrong with the reader mis-interpreting his statement as evidence or
> proof that the certain task is infeasible.
>
> Case in point. A couple of years ago one of the major financial
> companies (3rd I think) in NYC was concerned about reducing costs.
> They run an IT-intensive operation so they recycle machines often.
> That is expensive. But a 1-or-2-year-old HD is reasonably valuable.
> So they wanted to recycle them rather than destroy them.
>
> But they have _extremely_ valuable information on even their desktop
> drives. Many contain customer information, so, as a fiduciary, any
> preventable leakage would essentially put them out of business. Other
> drives may contain strategic information either in the form of
> documents or in transaction records. And of course the data-center
> drives are even more valuable. What's all that information worth?
> Many zeros. _Many_.
>
> As an aside, shredding is a popular method of drive destruction. But
> modern drive densities are so high that even a shred 0.01" square can
> hold valuable data, so physical destruction alone is not sufficient.
> That may have something to do with the fact that _internal_ gov't
> standards allow only a very few kinds of physical destruction -- i.e.,
> complete to the level of a minimum-sized magnetic domain of the
> particular recording media. Think acid, thermite, grinding/abrasion, etc.
>
> Given the incredible value of the financial system data, how much is
> it worth to recover it? The modern recovery process usually has two
> distinct phases, one quite capital- and skill-intensive and one quite
> ordinary. The first phase is to build a data recovery capability
> (lab). That takes time, money, and skilled labor. The second phase
> is operating the recovery lab, which is fairly cheap. It isn't very
> fast though (meaning long latency, but not meaning low throughput).
>
> Point is that once you have such a capability many unreasonable
> possibilities become quite reasonable. And industrial espionage is a
> thriving industry. Just who owns (or more importantly controls) the
> recycling company that hauls away your machines/drives?
>
> Have you ever taken a drive apart, replaced the drive electronics and
> resold it? People do it all the time. And if the replacement happens
> to be a much more sophisticated board, you can read lots of things
> that the original drive electronics could not. If you open the sealed
> module to get at (replace) the HDA you can do a great deal more. If
> you have serious cash available, like $1e8, you can get a low-level
> image of the platters with an STM and turn a computing cluster loose
> on the image. That's just an (extremely) advanced form of OCR. C.f.
> "palimpsest".
>
> Point of this mini-rant is that it is very easy to underestimate
> security threats. People should resist that tendency.
>
> Disclaimer: I no longer participate in drive recycling, so I'm not
> "selling" anything here. Just providing a word to the wise.
>
> Lee Winter
> NP Engineering
> Nashua, New Hampshire

Well, it seems like we might agree on this one. My point is that, just because an expert (or 'expert') says it is impossible to recover data from a modern drive does not make it true. As Mr. Gutmann points out, we only have the standards that are *published* by various governments, and we all can agree that those published standards don't tell the whole story, for various reasons.

Only the FBI and those who work for them know what they are *really* capable of recovering from a wiped hard drive - most of their methods and capabilities are certainly classified. The CIA probably has similar methods, and I assume that other governments around the world have theirs. The methods to destroy drives that contain classified data are also most certainly classified, so a real expert in either area would not be at liberty to say what they are.

However, it is just a guess, but I don't think that anyone here has data on their drives that is so sensitive that it would require extreme measures to destroy the data (e.g. destroy the drive). I would think that, for most, a simple wipe would be sufficient, since most individuals don't have access to an STM or the skills to use it.

Chris

From: Andrei Popescu on 8 Sep 2009 03:10

On Mon,07.Sep.09, 05:44:31, Christopher Walters wrote:

> However, it is just a guess, but I don't think that anyone here has data
> on their drives that is so sensitive that it would require extreme
> measures to destroy the data (e.g. destroy the drive). I would think
> that, for most, a simple wipe would be sufficient, since most
> individuals don't have access to an STM or the skills to use it.

Well, my guess is if anyone does have important enough data he should be using encrypted storage in the first place.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

From: Napoleon on 12 Sep 2009 00:20

Which actually proves nothing at all. It is only their opinion that it cannot be done. But then if they had the equipment to do it, they wouldn't be allowed to publish a paper on it.

Governments (including the U.S. government) have equipment far surpassing anything publicly available (and discussable).

Zac Slade wrote:
> This time with the attachment... *whiff*
>
> --
> Zac Slade
> krakrjak(a)gmail.com