Full Disclosure mailing list archives
Re: erase with magnet
From: Seth Fogie <seth () fogieonline com>
Date: Mon, 05 Apr 2004 12:39:32 -0400
Glad you mentioned the Gutman note.The subject is Magnetic Force Scanning Tunneling Microscopy and deals with very low level extraction of data. I looked into this a few months ago and asked Peter Gutman about it and this was his response:
"...with newer PRML/EPRML drives it's unlikely you can still recover much, and the drives in use at the time I (Peter Gutman) wrote the article (early-mid'90s) have mostly
fallen out of use."This is actually stated at the bottom of his article online at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html where he states:
" In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now."
His article is a very interesting read :) Seth Valdis.Kletnieks () vt edu wrote:
On Sat, 03 Apr 2004 11:09:34 CST, Michael Cecil <macecil () comcast net> said:If you want to sanitize a drive and then reuse it, use a overwriting tool such as Autoclave <http://staff.washington.edu/jdlarios/autoclave/> or Eraser <http://www.heidi.ie/eraser/> and use the overwriting setting recommended by Gutmann <http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html>.Two notes: 1) Gutmann's 35 passes were devised to stress the recording methodologies of the day. Many of them are for encoding schemes not used anymore. 2) Canadian RCMP TSSIT OPS-II says: "Must first be checked for correct functioning and then have all storage areas overwritten once with the binary digit ONE, once with the binary digit ZERO and once with a single numeric, alphabetic or special character, " (http://jya.com/rcmp2.htm) American DoD 5220-22.M says: "Overwriting all addressable locations with a character, its complement, then a random character and verify." This is permitted for classifications up to SECRET. It is not acceptable for TOP SECRET and higher. I have to conclude that *our* spooks are of the opinion that even 3 passes are sufficient to wipe out data thoroughly enough so that it's not worth it for the *other* spooks to try recovering 'Secret'...
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: erase with magnet, (continued)
- Re: erase with magnet Kurt Seifried (Apr 03)
- RE: erase with magnet Jeff Schreiner (Apr 03)
- Re: erase with magnet Maarten (Apr 04)
- RE: [inbox] Re: erase with magnet Exibar (Apr 04)
- Re: [inbox] Re: erase with magnet Maarten (Apr 04)
- RE: [inbox] Re: erase with magnet Exibar (Apr 04)
- Re[2]: [inbox] Re: erase with magnet phased (Apr 04)
- Re: erase with magnet Phaze 7 (Apr 05)
- Re: erase with magnet Valdis . Kletnieks (Apr 05)
- Re: erase with magnet Tomasz Konefal (Apr 05)
- Re: erase with magnet Seth Fogie (Apr 05)
- Re: erase with magnet Cedric Blancher (Apr 04)
- Re: erase with magnet Riad S. Wahby (Apr 03)
- Re: erase with magnet Riad S. Wahby (Apr 03)