drive wipe

Aaron Toponce aaron.toponce at gmail.com
Thu Oct 23 12:44:04 MDT 2008


On Thu, Oct 23, 2008 at 11:25:49AM -0600, Brian Beardall wrote:
> The award money isn't even worth it. The best way would be to have the
> FBI or CIA want the data off the disk. They'll spend whatever it takes
> to invent the technology to get the data off. After all those two
> probably have the best data recovery services this planet has to offer.
> I'm not suggesting to do anything illegal to test their services though.

Ahh. The good old
government-conspiracy-ultimate-computing-power-endless-resources
argument. Here's why people think these utilities that overwrite data
seven billion times are "secure":

MFM, RLL and older drives suffered from jitter, which means the actuator
couldn't accurately write bits in exactly the same spot every time. As
such, little segments of left over charge from the previous write were
available. Regardless how many times you wrote data to the disk, there
was always left over charge, which meant that recovering the initial
data was just math. Lastly, the bits on these drives were substantially
larger than they are today, making recovering the left over charge easier.

Thus utilities were created to overwrite the data several times,
maximizing the switch between 1s and 0s written to the bit place on the
platter. Take a look at the GNU shred utility. By default, it will
overwrite the disks 25 times, with options such as ending on
zeroes or changing the number of passes.

Today, we use ATA drives, many of which are using perpendicular
recording. We are pushing data space to its physical limits with current
hardware. If we were to push the physical bits any closer together, the
drive would suffer from paramagnetic effect, and you would lose your
data. Those bits are so stinking small, that "jitter" is not a problem
with ATA drives, especially with perpendicular recording platters. When
you write data in the same spot as previous, it goes in *exactly* the
same spot as before. No left over charge. So, what used to be a "1" then
"0" on MFM and RLL drives, would result in possibly "0.005", on ATA
drives, it's a "0".

Also, the CIA, FBI, NSA, TSA, DOHS, etc. might have access to
endless funds, and impressive machinery. They might have some of the
brightest minds in the world too. However, that doesn't mean that
general academia is stupid, or does not have access to some pretty
impressive hardware as well. While the NSA might have killer computing
with deep pockets, I believe we may only be 5% behind them in terms of
resources. So, in other words, I don't buy the whole "the government has
secret labs with killer machines that can break PGP keys overnight"
garbage. Take a look at the top 500 supercomputers in the world, and
count how many of them are owned or funded by academia, and not the
government.

Zeroing a drive is just as effective on ATA disks as any other "secure"
data deletion utility. There is no left over charge, which means data
recovery is extremely and highly improbable, if not near impossible.
There is no evidence that I can find, educational or otherwise, that
after an ATA drive has been zeroed, its data was recovered. It's a myth
that has come as a result of our older MFM and RLL ancestors.

Peter Gutmann wrote a good article on securely deleting data, as well as
the jitter and charge residue that I mentioned above. Notice the disk
encoding scheme that he's referring to: RLL and MFM.

http://usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
-- 
                       _
Aaron Toponce         ( )  ASCII Ribbon Campaign
www.aarontoponce.org   X   www.asciiribbon.org
                      / \
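
Added example, not part of the original post: the kind of single zero pass
the message above describes, followed by a read-back check that nothing but
zero bytes remains. It runs against a constructed image file; the function
names are illustrative, and on a real block device the size would come from
`blockdev --getsize64` rather than `wc -c`.

```shell
#!/bin/sh
# Added example: single-pass zero overwrite with read-back verification.
# Operates on a constructed image file, not a real disk.

# Count the bytes in the target that are not 0x00.
count_nonzero() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite every byte of the target with zeros, in place, in one pass.
# conv=notrunc keeps the target's length; the size is taken with wc -c,
# which works for a regular file (assumption: not a block device).
zero_wipe() {
    target=$1
    size=$(wc -c < "$target" | tr -d ' ')
    head -c "$size" /dev/zero | dd of="$target" bs=65536 conv=notrunc 2>/dev/null
    sync   # flush the page cache so the zeros reach the medium
}

# Succeeds only if reading the target back yields nothing but zero bytes.
verify_zeroed() {
    [ "$(count_nonzero "$1")" -eq 0 ]
}

# Build constructed sample data standing in for a drive's contents:
# 2000 records of 19 bytes each (38000 bytes). Prints the image path.
make_sample_image() {
    img=$(mktemp)
    i=0
    while [ "$i" -lt 2000 ]; do
        printf 'SECRET-RECORD-%04d\n' "$i"
        i=$((i + 1))
    done > "$img"
    printf '%s\n' "$img"
}
```

Typical use is `img=$(make_sample_image); zero_wipe "$img"; verify_zeroed "$img" && echo clean`.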