[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Erasing Disks

At 11:12 PM 9/11/96 -0700, you wrote:
>The paper starts with the comment that most secure data destruction guides
>are classified.  There is the suspicion that the unclassified ones do not
>cover the newer recording materials and techniques, and will not protect
>you against government attackers.

I disagree.  The methods for declassification in the Army and
Defense Department security manuals included several approaches:
1) Physical destruction - acid, sandblasters, etc.
2) NSA-Approved Whopping Big Magnets
3) NSA-Approved Hopefully-Bugfree computer programs for some computers.

The most secure methods were the unclassified ones - after we
sandblasted our RM05 disk packs, the NSA and KGB can't read anything.
The less secure methods are the ones that require NSA approval -
how strong  is a Whopping Big Magnet this year?  (Too strong to put 
near MY computer lab, thank you! :-)  The answer tells you something
about what the NSA can crack, which they not only don't want known,
they don't want to encourage the KGB to erase their own disks better
or to use the knowledge to become better at reading stolen Yankee disks.
And NSA-Approved computer programs presumably have weaknesses and bugs,
like all computer programs; they carry the risk that Reverse Engineers
can figure out how to find the data the NSA missed.

But shredding the floppy?  No need to classify that, no secrets leaked
by saying "Yeah, if you dissolve the magnetic film in acid we can't
read anything on the etch marks in the mylar."  
It's Dumb and Safe (as long as you do the paperwork to make sure
that you know which magtapes were fed to the shredder, which ones
were overwritten with other RILLY SEKRET DATA, and which ones were
stolen by the Tape Drive Repair Truck driver.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto