Security Basics mailing list archives
RE: 51% can be enough Was: Wiping a drive
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Fri, 17 Oct 2008 07:27:05 +1000
In agreement with Olatunji on the maths here. The fact that you have that kind of chance of recovering 1 bit makes people think, 'hey, I could recover a single bit with a .49 chance. Cool. Now I can get back all of the data.' However, as Olatunji says, as you try and recover more bits the chance plummets pretty quickly.

Recover a whole drive? I'll believe it when I see it. Recover even a file or two? Chance of 8 bits = how small? How many bits on a 40Gb drive? I don't know but I've already lost count.

If someone disagrees with this can they please point to a 'valid, peer reviewed' paper or some research that holds up the theory that you can recover a zeroed drive. (Just like Ansgar asked the last time we had this discussion.) Somewhere where the guys in the clean room say, "last week we were sent this drive that had been zeroed and now we have all of the data that once upon a time lived on it even up to three generations ago. And here it is."

I don't think Craig is 'misleading' when he states:

> The simple answer is that it does not matter. A single wipe (done correctly) will make it infeasible for ANYONE (even governments) to recover information.
And I'd rather put my money on his paper setting the facts out straight than I would on someone being able to recover even 8 bits of contiguous data. I'd even rather put money on being able to guess 8 coin flips the right way. Mathematically unfeasible is the thing to think about here. Unless of course someone can tell me that a 3 letter agency has this recovery ability already but has kept it a secret because it involves technology found at Roswell which was developed by Fox Mulder. Then I will be completely convinced and will wear a tinfoil hat on my head with a big P on it.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Olatunji Nowlin
Sent: Friday, October 17, 2008 1:44 AM
To: Alexander Klimov; security-basics () securityfocus com
Subject: RE: 51% can be enough Was: Wiping a drive

I think he is stating that there is a 49% chance of correct recovery of EACH individual bit on the drive. My math could be rusty after all these years, but that would mean the chance of getting any two bits correct is 0.49*0.49 or 0.24 (24%), when you work that out to getting 8 bits correct it comes out to something like 0.00332 or 0.33% chance of getting a single byte correct on the drive. When you have a 0% chance of getting one single byte correctly recovered I think the chances of recovering anything useful off of the drive are NIL.

I still have to read the actual document but this is my interpretation from the mail that was sent.

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Alexander Klimov [alserkli () inbox ru]
Sent: Wednesday, October 15, 2008 3:47 PM
To: security-basics () securityfocus com
Subject: 51% can be enough Was: Wiping a drive

On Wed, 15 Oct 2008, Craig Wright wrote:

> Even at 92% per bit, the recovered data is useless and random. This is detailed in the paper mentioned before. At 49% - this is a modern drive - the toss of a coin is more accurate.

Not sure what exactly these numbers are, but if it is the probability of correct recovery then they are not necessarily useless.

Suppose you edit a text document and your editor automatically makes a backup copy of it every five minutes. Even if the backup is done with the same filename, with journaling filesystems you end up with many dozens of copies of the file content on your disk. Now, if locations of backups are predictable (the document is long enough to make correlations sufficiently large), it is possible to recover the document even if you can read every bit with 51% success rate (btw, the probability cannot be less than 50%, because in that case you should always guess the opposite) -- simply count what bit value among copies is recovered more often.

Btw, the standard way to wipe disk on Linux is to use shred that is a part of coreutils that are already installed on almost every Linux system.

--
Regards,
ASK
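The per-bit arithmetic argued over in this thread, worked through as an added example (it is not part of any poster's message): the chance that a run of bits is all read correctly, the chance that a majority vote over several copies of one bit is correct, and how many copies a vote would need. It assumes read errors are independent and every copy is located exactly, which are assumptions of this sketch and not claims from the thread; the function names are hypothetical.

```python
from math import exp, lgamma, log


def run_success(p, n_bits):
    """Chance that n_bits independent reads are all correct (p ** n)."""
    return p ** n_bits


def majority_success(p, copies):
    """Chance that a majority vote over an odd number of independent
    reads of the same bit is correct (binomial tail, in log space so
    large copy counts do not overflow). Requires 0 < p < 1."""
    if copies % 2 == 0:
        raise ValueError("use an odd number of copies")
    lp, lq = log(p), log(1.0 - p)
    total = 0.0
    for k in range(copies // 2 + 1, copies + 1):  # k = correct reads
        log_comb = lgamma(copies + 1) - lgamma(k + 1) - lgamma(copies - k + 1)
        total += exp(log_comb + k * lp + (copies - k) * lq)
    return total


def copies_needed(p, n_bits, target):
    """Smallest odd copy count for which n_bits voted bits are all
    correct with probability >= target; None when p <= 0.5, where
    voting cannot help."""
    if p <= 0.5:
        return None

    def ok(m):  # m indexes the odd copy count 2*m + 1
        return run_success(majority_success(p, 2 * m + 1), n_bits) >= target

    if ok(0):
        return 1
    lo, hi = 0, 1
    while not ok(hi):  # double until the target is met
        lo, hi = hi, hi * 2
    while hi - lo > 1:  # bisect: ok(lo) is False, ok(hi) is True
        mid = (lo + hi) // 2
        if ok(mid):
            hi = mid
        else:
            lo = mid
    return 2 * hi + 1


if __name__ == "__main__":
    # Per-bit rates quoted in the thread: 0.49, 0.51 and 0.92.
    for p in (0.49, 0.51, 0.92):
        print(p, run_success(p, 8), copies_needed(p, 8, 0.99))
```
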