[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Secure Erase for PCs?
Peter's paper is an interesting overview of data recovery technology. He does
conclude that his 35 write regiment will overwrite all signals on hard disk
media. It would seem that performing the 35 writes multiple times would yield
an securely erased drive. Yet he clearly is not an expert in data recovery, is
organizing others research, and does not provide evidence or tests for his
postulates such as the need for a good PRNG. It would be quite interesting to
send a disk off to a data recovery company after running through Peter's method
with perhaps different parts of the disk treated differently.
Also, the section on RAM talks about data persistance but does not cover
recovery methods other than SRAM power up bias. Nor is the RAM section
referenced. RAM is so active that it would seem little pertinent data could be
recovered if any.
So, in spite of not being an expert myself I am not convinced that any very
well funded entity can recover data that has been overwritten an arbitrarily
large number of times. Of course the relative value of my personal data is low
and my level of paranoia follows. One can not be called reactionary by
recommending a "no-trust" policy.
Reading the paper reminds me how long ago it was that I studied the physics of
microelectronic devices. Yow!
>Bill Frantz ([email protected]) said
>At 8:05 PM -0800 12/9/96, John Fricker wrote:
>>> Though, technically, no disk can be securely erased, my program,
>>
>>Sure it can. Ten overwrites will rendered remnant data obscure. So says the
>>electron microscope waving data recovery experts anyway.
>
>You should really check out Peter Gutmann's paper in the 1996 Usenix
>Security Conference Proceedings. After reading it, I think you will come
>to the conclusion that the only secure data destruction technique, against
>a well-funded attacker, is destruction of the disk. I like thermite myself.
>
>
>-------------------------------------------------------------------------
>Bill Frantz | I still read when I should | Periwinkle -- Consulting
>(408)356-8506 | be doing something else. | 16345 Englewood Ave.
>[email protected] | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA
>
--j
---------------------------------------------------------------------------------
------------------------
| John Fricker ([email protected])
| -random notes-
| My PGP public key is available by sending
| me email with subject "send pgp key".
| www.Program.com is a good programmer web site.
--------------------------------------------------------------------------------------------------------
-