Slashdot Mirror
Single Drive Wipe Protects Data
ALF-nl writes "A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope." But that's not accounting for the super secret machines that the government has, man.
One wipe is never enough.
Didn't your mommy teach you anything?
Especially true after Taco Bell.
Just use encryption (of your whole drive or partition) and forget about wiping it.
It's not that hard. For example, several modern Linux distros support encrypting your entire installation out of the box.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
1) next to impossible != impossible
2) if the feds require multi-pass wipes for non-classified data and media destruction for classified data, why should I settle for anything less?
OK, maybe this guy is right and maybe the feds are behind the times, but I'd like to see multiple independent studies come out and say this before I'm getting rid of my drive sanitizers. I mean, we all know what happens to societies when they get rid of their equipment sanitizers, don't we?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I thought a few weeks ago we were supposed to drill holes in the drive platters and fill the case with thermite, then drop the whole computer into the fires of mount doom.
This week, a one pass wipe is enough.
That's what they WANT you to think.
In all seriousness. If the government wants to get information, they are not going to the trouble of an electron microscope to look at your hard drive. I'm sure they have other methods of extracting the information they want. While this information (about how many wipes you need) is interesting from a theoretical point of view, it is useless from a practical one.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
I thought this would be fairly obvious from the fact there doesn't exist any recovery services that will recover zerod out data for you, at most they can usually try to recover data that has been deleted(forgotten) by the operating system.
Myhtbusters need to look at this. Then they should do a wipe that would really suit their style - a shock wave through the drive will raise the temperature at the wave front above that where the material is magenetic (curie temperature). In other words - explosives!
Last month my grandma asked for a new laptop and prior to putting her old HP on ebay I wiped it via Gutmann 35-Pass method, way above DoD and NATO standards, so her ultra-secret vanilla cake recipe could remain a household secret.
It says data written to a pristine drive is much easier to access.
If drive-manufacturers wrote random data to their drives 2 or 3 times before shipping, I wonder if this would help?
Combine this with OS-level "overwrite with random after delete" or, to allow for "oopsies," delayed-overwrite after delete but before next use, the problem of "ghost data" in unallocated drive space could mostly disappear.
Of course, there are other issues, like data internal to a file that is no longer current, data in paged-memory files, and data on backup media, but that's outside the scope of the "I deleted the file, it should be gone but it's not" problem.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
[pulls tinfoil hat tighter over head]
Sure, that's just what they want you to think.
These guys will give you 500 bucks
which is surely worth the time and effort involved in something like this.
That would take too long - you can't depend on the blocking kernel random generator, as it needs a source of data to keep feeding the entropy pool.
I want to delete my account but Slashdot doesn't allow it.
It seriously depends on your crime as to how far police will go to obtain data from a hard disk.
If, for instance, to kill no more than three people in cold blood. They won't even look.
If, you have a few ounces of pot, the DEA will use the FBI forensics labs.
If you have a history of violence and have beaten countless women, they won't even look.
If you've given more than a few hundred bucks to an Islamic charity, the NSA will step in.
If you bilk hundreds or thousands of people out of millions of dollars, they won't even look.
if you are accused of fighting on the train in San Fransisco, they'll just hold you down and shoot you in the back. Fuck the computer.
That'd probably be this challenge from further up the page - $500 at the moment, and apparently three companies have turned it down after the dd command was mentioned because they 'know' it isn't possible.
The source of the claim seems Gutmann's 1996 article: http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/index.html where he says: "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM)." It was challenged already in 2003 http://www.nber.org/sys-admin/overwritten-data-guttman.html where Feenberg writes: "Surveying all the references, I conclude that Gutmann's claim belongs in the category of urban legend." As usual, this story shows that individual claims have to be checked by independent parties. Even the claim that it can not be done.
"One up, one down, one to polish."
Dave Lister
I can't help but sit here shaking my head in some disbelief at the comments I've read on this thread. Slashdotters are a technologically savvy community for the most part, and I lost track of the number of times that I saw something to the effect of "The government probably has means/software/tools/hacks to get your info."
Now, I've done extensive work *for* the government in the realm of computer forensics, which is as far as I'll elaborate, and the tools we use are commercially available. Were anyone so inclined, you could even attend or get notes on FBI or DoD taught digital forensics classes.
There's nothing wrong with some good old fashioned suspicion or conspiracy theory, but the *one* area that slashdotters should be mostly competent and knowledgeable on has more of those wild ideas than anywhere else.
Define next to impossible
The researcher did. From TFA:
Recovering a single byte of data, for example, on a used drive is successful less than one percent of the time, he found. Accurately recovering four bytes, or 32 bits, of data only works nine times out of each million tries.
So, 1 specific byte of data could be recovered 1% of the time, 4 bytes -> .0009%.
Extrapolating to 10Mb is about 1/10^(10^6 / 8)=0% according to my calculator which keeps goes to 10^-324. So, I think 'next to impossible' is a pretty accurate term.
> if you can recover from 1 overwrite, while still being able to get the new data, the
> capacity has just doubled.
Not if it takes hundreds of hours to do and recovers only 3/4 of the data on average. There is a lot of room between "not secure" and "reliable data storage".
It is very unlikely that any of us need worry that our overwritten files will be recovered, though. None of us have secrets that important.
Besides, the bot that controls your Windows box has already uploaded all your passwords.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The guy's a forensics expert. Of course he's going to tell you one wipe is enough. If you do more than that, he might be out of a job.
I'm surprised he didn't say "It's cool man, just write 'DELETED' in sharpie on the case and your drive will never function again. *snicker*"
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
I used to be a blacksmith, and I still have a nice little power-hammer in my workshop that delivers the clout of a 500 lb sledgehammer. I would be willing to bet that my way of disposing of my old disk drives, which involves heating it to about 800 degrees C in my forge and giving it a few taps with that mother would defeat the most earnest efforts of the NSA, since the drive comes out about the thickness of tin-foil.
:-)
Disclaimer:
The NSA has no jurisdiction here in Australia, (yet) and...
They would probably be bored by the contents of my drives anyway, and...
Yes, I am aware that that temperature will demagnetise the platters, but...
It's good fun to do anyway: shiny hot things and lots of noise.
That's why the DoD has lowered their standards to a single fixed wipe and to prove it is going to send all of their super secret hard drives to china to be proven that the data is unreadable.
Because the DoD makes ALL its decisions based on sound science. That's why the Air Force took over the CIA's sponsorship of remote viewing in 70s, why the Navy funded research into cold fusion and anti-grav, and why we're buying hand-held polygraphs for troops in Afghanistan.
I mean, I had the same knee jerk suspicion, but I'm not going to hold up the DoD's standards as proof of anything but potentially reasonable paranoia. The Pentagon has a long-demonstrated sweet tooth for junk science.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
I've worked in the electronics industry too. You might get tin whiskers if you use an immersion tin finish on the board and a tin solder for the assembly, but you don't need to do that to get a RoHS compliant product. There are immersion gold, immersion silver, and other leadfree solder finishes available. Modern leadfree solder alloys don't have the same kind of problems with tin whiskers as earlier ones. Reflow heating should be preformed as well. Effective conformal coating can also reduce the risk of whisker growth. Another issue is that many vendors lie or don't properly track how their components are made. Don't trust the sales people! Test your parts yourself to make sure that they comply with the specs that you ordered.
I support the adoption of RoHS in the USA because I've seen how corporations ignore the safety of their employees and customers with regard to hazardous materials such as lead. Strong democratic unions could be used to keep companies honest, but currently American unions tend to be too corrupt and weak to be able to change the industry.
------ Take away the right to say fuck and you take away the right to say fuck the government.