Domain: 16systems.com
Stories and comments across the archive that link to 16systems.com.
Comments · 31
-
_you_ can't restore it after simple single zero dd
have you seen the challenge? http://16systems.com/zero.php
http://en.wikipedia.org/wiki/Gutmann_method However, once the space is overwritten with other data, there is no known way to recover it. It cannot be done with software alone since the storage device only returns its current contents via its normal interface. Gutmann claims that intelligence agencies have sophisticated tools, among these magnetic force microscopes, that, together with image analysis, can detect the previous values of bits on the affected area of the media (for example hard disk). This has not been proven one way or the other, and there is no published evidence as to intelligence agencies' current ability to recover files whose sectors have been overwritten, although published Government security procedures clearly consider an overwritten disk to still be sensitive.[3] Companies specializing in recovery from damaged media cannot recover completely overwritten files
In fact, physical damage got more chances for recovery than simple DD. So why do you still want to use a device for that?
-
Re:overwritten once CAN be recovered
Markup Fail! Great Zero Challenge
-
Re:This should be a lesson...
Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.
A simple dd command with one run of 0's will permanently delete the data on a disk. Once upon a time it may have been possible to read the data after a single write but it is no longer possible. This challenge has been standing for quite some time and even though this is not proof of my assertion I am certain the multiple passes of writes thing is complete garbage.
-
bullshit
Unless you have overwritten the area on the physical disk that contained the data, multiple times, the data can still be recovered.
How about once? With zeros.
If you can retrieve your data from a drive after it has been dd'd with /dev/zero, you might be able to win this prize.
If you happen to be in the situation described, chances are you're fucked.
-
Re:please...
Before people start discussing if drives should be overwritten 32 or 2^32 times, please show me ONE proven example of a regularly zeroed drive being recovered.
This challenge has stood for more than a year.
http://16systems.com/zero.php
That challenge does not prove anything. Saying that it is impossible to recover one specific file from that specific hard drive is probably true, at least with technology that is easily available.
Here are the problems with the challenge:
The drive has never been subjected to real-world use, they installed an OS on a brand new clean drive, added a couple files to "prove" out the challenge, and then wiped it.
Sounds like a good setup, right? Wrong.
For starters, most hard drives do not get sold off until they have been used for a good bit of time. They also generally contain/have contained more than one file of interest.
If I took the same type of setup, but instead of wiping the drive I simply deleted the file, and then used the drive for a good bit of time, chances are that the file that "proves" out the challenge is gone for good. So even if I could recover the rest of the OS on their test drive I would still fail because I didn't get the one they require me to get.
There are a host of plausible (note I don't say possible) recovery techniques for a drive that has been used in the real world for any period of time. In most cases these will not give you everything back from the drive, but they do have a chance to give SOME data back... but you can't just say "i'll recover THIS file" you recover what you can and then see if the data is still worth anything.
So if you were to fill a hard drive up with thousands and thousands of files, none of which you want to ever be seen, then the chances of being able to recover one usable file isn't all that bad... but the chances to recover one SPECIFIC file are nearly zero.
In short, this is a carefully crafted "challenge" that is set up for failure to start with.
No reputable company would waste their time on this, especially not for the $500 pittance that they offer as a "reward".
If they are really serious, then they should do the following:
Purchase several dozen new hard drives, from different manufacturers and different product versions.
Create several hundred thousand test files, some encrypted some not. These files should range in size from smaller than a single cluster up to large files that span multiple clusters.
Write these files across all the drives, repeatedly, and fill the entire volume.
Take some of the files and write them to the drive within a small range of sectors over and over, several hundred thousand write cycles at least. (This will simulate frequently cached data)
Now that the drive is properly salted with data, run their suggested wipe process.
This will give you a much more scientifically accurate example of a real-world target drive.
Then up the ante and, since they are SO SURE they are right, offer a million dollars as a reward. After all, if they are so confident then they won't have to pay, right?
-
please...
Before people start discussing if drives should be overwritten 32 or 2^32 times, please show me ONE proven example of a regularly zeroed drive being recovered.
This challenge has stood for more than a year.
http://16systems.com/zero.php
-
Re:I'm calling BS
All TC volumes are modulo 512 (very rare) and pass chi-square test (even rarer). Check out TCHunt. It's amazing. http://16systems.com/TCHunt/index.php It will find *all* of your TrueCrypt volumes. They also disclose how they do it.
-
TCHunt Does this very well
TCHunt found all of my TrueCrypt volumes. It's free too. http://16systems.com/TCHunt/index.php
-
Re:ebay maybe?
Hate to be anti-karma whore... but MOD PARENT DOWN.
This issue has been reposted over and over, and every time gets the following negative responses.
Reasons why this "challenge" sucks:
- Screenshot states a whole $40 award
- "Three data recover companies were contacted" for the challenge
- "You also must publicly disclose in a reproducible manner the method(s) used to win the challenge" for a company to reveal their secret to all the other companies?
- Prize was upped later to: "They also will receive $500.00 USD", which is still worthless, because of the above point requiring you to disclose your secret for the award money.
Removing the requirement of revealing your secret would greatly improve the takers to more than just 3 companies.
-
Re:ebay maybe?
If you feel the need, but so far, no one has even done zeros.
-
Re:ebay maybe?
Not even necessary
-
Re:Why not just use TrueCrypt?
All TCHunt does is look for random data. If you append 100MB of /dev/urandom to a file and run TCHunt, it will "recognise" it as a TrueCrypt volume.
This is not a secret. This is how encryption works. Obfuscating your data inside an apparently plaintext structured format is called steganography and is another subject entirely.
The changelog is here
Discussions on using CVS and other version control are scattered throughout the forums without apparent quashing by the admins. Yes, old versions of the source are not available - unless you already downloaded them, of course.
The MD5 hashes changing for the installer was just that - they rebuilt the installers with some of the new setup (like offering the option to disable the pagefile) from the version 6 installers, but the binaries inside remained identical. Doing this is rather poor practice because it raises this sort of question, but hey, you trusted the first file signed with their PGP key, why not the second? The TCHunt guys have an archive of old TrueCrypt versions, but they won't let you download them now for bandwidth reasons; it might be illuminating to pick through the various MD5 versions and compare the actual binaries installed.
If someone is concerned about back doors, they can audit the code, and build it themselves. (don't respond to this with the Ken Thompson compiler back door proposition). Undoubtedly there are people that do this, although they are not equipped to sign their builds with the TC foundation PGP key.
As a popular encryption soft, I have no doubt it comes under scrutiny. I might trust it a mite more if it was signed by Bruce Schneier's key though :-)
-
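The two properties the comments above attribute to TCHunt (file size a multiple of 512, byte histogram passing a chi-square test), as an added Python example that is not TCHunt's code and not part of any comment. The acceptance band and the sample data are assumptions constructed here; the output also shows the false positive described above, where any sector-aligned random data is flagged.

```python
import hashlib
from collections import Counter

SECTOR = 512                        # the comments say volume sizes are multiples of 512
CHI2_LOW, CHI2_HIGH = 150.0, 400.0  # assumed two-sided band for 255 degrees of freedom


def chi_square(data: bytes) -> float:
    """Pearson chi-square statistic of the byte histogram against a uniform one."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_like_container(data: bytes) -> bool:
    """True when the data is sector-aligned and statistically indistinguishable from random."""
    if len(data) == 0 or len(data) % SECTOR != 0:
        return False
    # Too high: structured data. Too low: suspiciously flat, not random either.
    return CHI2_LOW < chi_square(data) < CHI2_HIGH


def constructed_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for /dev/urandom output (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def demo() -> dict:
    """Run the heuristic over four constructed samples of about 64 KiB each."""
    size = 128 * SECTOR
    rnd = constructed_random(size)
    text = (b"The quick brown fox jumps over the lazy dog. " * 2000)[:size]
    return {
        "random, 512-aligned": looks_like_container(rnd),       # false positive
        "random, one byte longer": looks_like_container(rnd + b"\x00"),
        "plain text, 512-aligned": looks_like_container(text),
        "perfectly flat histogram": looks_like_container(bytes(range(256)) * 256),
    }


if __name__ == "__main__":
    for label, flagged in demo().items():
        print(f"{label:28s} flagged={flagged}")
```

A hit from this kind of test says only that a file is sector-aligned and high-entropy; it cannot distinguish an encrypted volume from any other random data.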
Re:Why not just use TrueCrypt?
I tried this util. using tc6.0a to create a 1GB file volume with a 512k hidden both of which were serpent-twofish-aes wrapped, tchunt failed to find it.
I guess you are using the alpha version?
http://16systems.com/TCHunt/alpha.html
Only locates TC volumes between 15MB and 100MB in size. The only purpose of this is to limit the usefulness of the alpha version. Unrestricted versions of TCHunt search for volumes between 19KB and 1TB.
-
Re:Why not just use TrueCrypt?
No one knows who wrote TrueCrypt. No one knows who maintains TC. Moderators on the TC forum ban users who ask questions. TC claims to be based on Encryption for the Masses (E4M). They also claim to be open source, but do not maintain public CVS/SVN repositories and do not issue change logs. They ban folks from the forums who ask for change logs or old source code. They also silently change binaries (md5 hashes change) with no explanation... zero. The Trademark is held by a man in the Czech Republic ((REGISTRANT) Tesarik, David INDIVIDUAL CZECH REPUBLIC Taussigova 1170/5 Praha CZECH REPUBLIC 18200.) Domains are registered private by proxy. Some folks claim it has a backdoor. Who Knows? These guys say they can find TC volumes:
http://16systems.com/TCHunt/index.html
For these reasons, I won't use it. Encryption is important and TC looks great and makes great claims, but TC should be more transparent.
from: http://www.reddit.com/r/programming/comments/7otuy/who_wrote_this_software_an_excia_agent/
-
Re:If you are able to do it
Hey, they even give the answer:
I will take a shortcut and break the encryption of this. Those fools!
-
$500 if you can prove otherwise
$500 if you can prove otherwise. The Great Zero Challenge
-
The Great Zero Challenge: REWARD!!!
-
Re:Tag this "itsatrap"
That'd probably be this challenge from further up the page - $500 at the moment, and apparently three companies have turned it down after the dd command was mentioned because they 'know' it isn't possible.
-
If you are able to do it
These guys will give you 500 bucks
which is surely worth the time and effort involved in something like this.
-
Re:In other news
1 pass of zeroes we got around, sorry but it has been awhile, but we got around 80% IIRC.
With that kind of skills, here's a free $500 for you … http://16systems.com/zero/
-
Zero-wiping is entirely sufficient
Reading a modern hard disk that's been written over with zeroes is not that simple, and would likely require very specialized, very precise hardware.
The historical problem with writing over with zeroes was that the amount of magnetic surface between tracks on the platter was fairly large. This space between tracks would keep a "ghost" of previous data should there be only zeroes written to the nearby tracks. Gutmann's research and the DoD wiping method were designed to overwrite the track data and make sure that that "ghost data" would be wiped as well.
Modern disks have such narrow gaps between tracks that overwriting with zeroes is sufficient to stump any commercial data-recovery attempts. (See, e.g. The Great Zero Challenge).
The military takes more extreme measures with highly-classified data because there are ridiculously expensive and time-consuming methods that one could use to recover data that's been "merely" wiped. There are governments and organizations that have those resources that might be willing to expend them to get their hands on such data.
There are not criminal organizations that have or will expend the insane effort to recover the information that might be on an individual's drive. The cost-benefit just isn't there. An individual who boots something like DBAN and does a one-pass wipe of all zeroes across the entire disk is entirely safe from anyone who has less resources than a major government intelligence agency.
-
Re:I find a Magnet Works
Reading a modern hard disk that's been written over with zeroes is not that simple, and would likely require very specialized, very precise hardware.
The historical problem with writing over with zeroes was that the amount of magnetic surface between tracks on the platter was fairly large. This space between tracks would keep a "ghost" of previous data should there be only zeroes written to the nearby tracks. Gutmann's research and the DoD wiping method were designed to overwrite the track data and make sure that that "ghost data" would be wiped as well.
Modern disks have such narrow gaps between tracks that overwriting with zeroes is sufficient to stump any commercial data-recovery attempts. (See, e.g. The Great Zero Challenge).
The military takes more extreme measures with highly-classified data because there are ridiculously expensive and time-consuming methods that one could use to recover data that's been "merely" wiped. There are governments and organizations that have those resources that might be willing to expend them to get their hands on such data.
There are not criminal organizations that have or will expend the insane effort to recover the information that might be on an individual's drive. The cost-benefit just isn't there. An individual who boots something like DBAN and does a one-pass wipe of all zeroes across the entire disk is entirely safe from anyone who has less resources than a major government intelligence agency.
-
The Great Zero Challenge
Am I the only one who remembers this?
http://16systems.com/zero/
Unless you have way too much time on your hands and probably an electron microscope as well, `dd if=/dev/zero of=/dev/hda` works just fine. This is especially true for protecting against identity theft because no identity thief will want to spend that much time/money/effort recovering your data when they can just get another drive that wasn't wiped at all. (Unless you're really rich - then maybe they would.)
-
Terrible misinformation
Note that the Great Zero Challenge remains unanswered. Overwriting a hard drive with zeroes will erase all data on it irretrievably (I agree totally that ordinary delete methods would not do so).
Yes, there have been lots of articles about how overwritten data can be retrieved with various vaporware methods, but no commercial data recovery company has implemented these. So unless you are paranoid about the NSA using their super secret data recovery methods to find out your hotmail password after buying your hard drive off eBay, it is not necessary to physically destroy a perfectly good hard drive.
-
Just wipe it once
Really, there's no need to wipe it more than once unless you honestly think it will matter. At least these guys think so:
-
Re:RAID doesn't protect against your worst enemy
You mean these idiots? A whole $500 prize when the cost of recovery will equal at least a few multiples of ten (or exponents of the base) over the "big prize" isn't a winner.
It's glory hounding when you know that anyone with enough brains to know what a "dd" is won't accept your challenge just based on cost alone.
Good luck on that piece of urban crapology...
-
Re:I think you got it at the beginning.
They've raised the prize!
as of September 6th, 2008, we are raising the prize to $500.00 USD
-
Re:Not so.
That is the cheapest publicity they would ever receive... and what publicity they would receive!
Yes, what publicity they would receive? :)
I've never heard of 16systems.com before, their site is barebones with almost no articles. I dare say they caught a lucky break with this Slashdot article. Maybe I'm wrong, but it seems that there is no obvious publicity to be had (before now). And should recovery firms respond to everyone with a small website who issues a challenge?
-
Re:Bunches of small drives
There was a "suggestion" that "magnetic force microscopy may be able to recover such data".
I am not convinced that anyone has actually done this, and the cheapo Zero Challenge http://16systems.com/zero/index.html has not been attempted (perhaps because it is cheap).
In any case the 35 writes of the DoD standard is to cater for all kinds of drives, including old MFM drives - so the whole thing is not necessary when you know the drive type.
http://en.wikipedia.org/wiki/Data_remanence
DOD recommend degaussing or destruction for sanitisation, and overwriting sufficient for clearing.
NIST say a single overwrite is sufficient for modern drives and refer to remanence recovery on modern drives as "urban legend".
But bear in mind, a sector marked bad by the hard drive will remain untouched during a complete overwrite with zeros, hence the degaussing method preferred by DOD.
But essentially, a single writing of zeros is good enough for anyone unless it is ultra sensitive, then no amount of writing is good enough - you must degauss or destroy.
-
Generating SSNs is Easy
Generating plausible SSNs is very easy to do. The Social Security Administration posts public info on how to verify numbers. They update that info monthly. Web pages like this one use that info to generate numbers that have probably been issued, will soon be issued and numbers that cannot possibly be issued.
-
Re:"They" say
Data recovery experts say "There's less than a zero percent chance" of data recovery. (No idea what 0% that actually means, but they seem pretty certain).