Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Peter Gutmann data deletion theaory?

from [dave kleiman] Network Security [Permanent Link]
Subject: RE: Peter Gutmann data deletion theaory?
Date: Sun, 24 Jul 2005 15:30:30 -0400 
Here is a quote directly from Peter I received Saturday, he asked to have it
passed on to the list.

--------------Snip-------------------------

I'd love to hear some thoughts on this from security and data experts
out there.


People should note the epilogue to the paper:

  Epilogue

  In the time since this paper was published, some people have treated the
35-
  pass overwrite technique described in it more as a kind of voodoo
  incantation to banish evil spirits than the result of a technical analysis
  of drive encoding techniques.  As a result, they advocate applying the
  voodoo to PRML and EPRML drives even though it will have no more effect
than
  a simple scrubbing with random data.  In fact performing the full 35-pass
  overwrite is pointless for any drive since it targets a blend of scenarios
  involving all types of (normally-used) encoding technology, which covers
  everything back to 30+-year-old MFM methods (if you don't understand that
  statement, re-read the paper).  If you're using a drive which uses
encoding
  technology X, you only need to perform the passes specific to X, and you
  never need to perform all 35 passes.  For any modern PRML/EPRML drive, a
few
  passes of random scrubbing is the best you can do. As the paper says, "A
  good scrubbing with random data will do about as well as can be expected".
  This was true in 1996, and is still true now.

  Looking at this from the other point of view, with the ever-increasing
data
  density on disk platters and a corresponding reduction in feature size and
  use of exotic techniques to record data on the medium, it's unlikely that
  anything can be recovered from any recent drive except perhaps one or two
  levels via basic error-cancelling techniques.  In particular the the
drives
  in use at the time that this paper was originally written have mostly
fallen
  out of use, so the methods that applied specifically to the older, lower-
  density technology don't apply any more.  Conversely, with modern high-
  density drives, even if you've got 10KB of sensitive data on a drive and
  can't erase it with 100% certainty, the chances of an adversary being able
  to find the erased traces of that 10KB in 80GB of other erased traces are
  close to zero.

Peter.

--------------Snip-------------------------


Dave Kleiman
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Peter Gutmann data deletion theaory?, Casper . Dik
Next by Date:  Re: [BugTraq] Peter Gutmann data deletion theaory?, Volker Kuhlmann
Previous by Thread:  Re: [BugTraq] Peter Gutmann data deletion theaory?, Volker Kuhlmann
Next by Thread:  RE: Peter Gutmann data deletion theaory?, Jeremy Epstein
Indexes:  [Date] [Thread] [Top] [All Lists]