Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Stealthier Internet access
From: "Elazar Broad" <elazar () hushmail com>
Date: Wed, 26 May 2010 00:51:25 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Thermite will definitely do, checkout
http://hackaday.com/2008/09/16/how-to-thermite-based-hard-drive-
anti-forensic-destruction/ and of course a .50 APIT round will do
as well:
http://www.ranum.com/security/computer_security/editorials/diskcrypt
/index.html.

elazar

On Tue, 25 May 2010 16:08:45 -0400 Valdis.Kletnieks () vt edu wrote:
On Wed, 26 May 2010 01:25:25 +0545, Bipin Gautam said:

Rest of article actually looks good at first glance, but this
jumped out at me:

-Software disk Wiping:
 Wipe KEY, header of your encrypted storage volume (first few
mb, ref
specific manual) Ref using Peter Gutmann standard of data
wipeing (35
wipes)
And wipe entire storage using U.S. DoD 5200.28-STD (7 wipes)

There is zero evidence that anybody is able to recover data after
even a
single overwrite of /dev/zero on a disk drive made this century.
Even in
the MFM days, Gutmann's recovery technique was difficult - today's
densities
render it essentially impossible.  Even if it's possible, if your
threat model
includes the sort of organizations that could theoretically do it,
maybe you
should be considering thermite rather than software wipes.
Especially if
they're pounding on your door. ;)

I'm more than open to hear of any *confirmed* cases of data
recovered after
even a single overwrite anytime after 1995.  To date, I have not
seen one.
Prove me wrong, guys. ;)
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkv8qM0ACgkQi04xwClgpZhNWgP+Jg91G1IJm5+L64QZSiKfQA7pllvt
SU9eYGPfbSB3hav5FWio4R0OSl1ivSox5X3FSgQRxYup6+BqZD3PtmeD38CykutOPAdy
/5CG8L+RpoetFKXx4guT3hAGQO/arMfnbgD9wKY6cPxX7hXEtViciU8pvyHgXLIVYyEE
0dmsm5c=
=pSkX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]