Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Gutmann's research paper today
From: Valdis.Kletnieks () vt edu
Date: Wed, 08 Feb 2006 09:33:21 -0500

On Wed, 08 Feb 2006 10:11:45 +0100, gimeshell () web de said:
But isn't recovering from lower "layers" much easier, if you can predict over write-patterns?

It's a matter of signal strength.  The un-overwritten residual field is on the
order of 1/1000th of the main signal.  After 2 passes, the signal you want to
find is down close to a millionth of the over-write signal.  At that point, it
becomes hard to tell whether that tiny bump in the signal is a 1 that survived
2 overwrites of zero, or if it's a random fluctuation in the signal strength
of the written signal.

After i read "a few passes" another question arised to me:

In his paper he wrote, that securely deleting data from disk is very
difficult, because of the fact that write head doesn't set polarity of all
"magnetic domains":

Right.  The residual signal is basically the signal from domains that didn't quite
get their polarity reset.

So doesn't incrementing amount of rounds of random writing increase
probabilty, that write head sets polarity of _all_ magnetic domains sooner or
later and thus making secure deleting closer?

Well.. OK. Sure. You can spend a week over-writing that drive with 2,000 passes,
and have a *really* high confidence that you got every single domain.

On the other hand, a lot of us live in the real world, and stop after 3 passes
because at that point, it's highly unlikely that any *useful* data will be
recoverable.  If you're *so* paranoid that it really *does* matter that the
attacker could spend a month working on the drive and recover 'Ano' from 3.6
gigabytes into the drive, and 'the' from 9.8 gig in, it's a lot more time and
cost effective to just nail the drive with thermite or a degausser rated for
the jog.

And exactly that level of paranoia is why overwrites are only good up to Secret,
and Top Secret and above require physical destruction (a recent NIST document,
for example, recommends that for grinding, the remaining pieces be no larger
that 0.25mm is size).

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]