Wiping data from drive question

Discussion in 'Computer Security' started by Doofus McFly, Jun 14, 2006.

  1. Doofus McFly

    Leythos Guest

    It appears that the DOD and NSA don't agree with you or him then.
     
    Leythos, Jun 15, 2006
    #21

  2. Doofus McFly

    kony Guest


    It is always the case that we are re-inventing the wheel it
    seems. There has always been the acknowledgement that only
    overwriting the same digit (0 or 1) leaves a remnant, the
    signature of the prior bit. This has actually been shown
    detectable. AFAIK, it has never been shown that any data
    was recoverable after a very few passes of (true) random
    write.

    Can the DOD go overboard? Of course, who can't? Far easier
    to suggest that someone else goes to extra trouble due to
    the unknown... there was a time when sailors thought they
    might sail off the edge of the earth too but later we
    realized it was round, not flat.
     
    kony, Jun 15, 2006
    #22

  3. Doofus McFly

    imhotep Guest

    No. Supposedly, as I have never checked, there could be a "shadow" if, for
    example, a "1" had existed for some time. Overwriting it with a "0" once
    would not remove 100% of the "shadow"....

    Imhotep

    --
    *************************************
    Pass a Net Neutrality Law in the US!!!!

    Save the Internet:
    http://www.savetheinternet.com/

    Its our net:
    http://www.itsournet.org/

    *************************************
     
    imhotep, Jun 16, 2006
    #23
  4. Doofus McFly

    David Lesher Guest


    A useful collection of links on this topic is:

    http://staff.washington.edu/jdlarios/autoclave/

    Be sure and read:

    http://www.simson.net/clips/academic/2003.IEEE.DiskDriveForensics.pdf
     
    David Lesher, Jun 19, 2006
    #24
  5. Doofus McFly

    jsteam Guest

    jsteam, Jun 19, 2006
    #25
  6. Doofus McFly

    Alun Jones Guest

    Consider that your hard drive is a device that reads an analog value and
    turns it into a binary value.

    Starting with a 'blank' drive, every bit reads as analog zero, which
    converts to binary zero.

    Let's say that every time you flip a bit, its new value is 99% of the value
    you're trying to set, plus 1% of the old value. Further, let's say that the
    drive views a 5% or less value as binary zero, and a 95% or more value as
    binary one.

    Take a zero and turn it to a one, and you'll have a value of .99. This is
    read as 1, but is readily readable as "currently one, but was zero last
    time".

    Play games with this kind of thinking, and you see that if drives do indeed
    follow such an analog model, they will be reasonably easy to read after a
    single random write.

    The best solution, if you're in such a market, is to encrypt the hard drive
    at all times.

    Alun.
    ~~~~
    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones, Jun 25, 2006
    #26
  7. Doofus McFly

    kony Guest

    Except, we're not starting with a new drive and any data
    recovery effort will not know how many times this area has
    been written with any particular value, nor if the analog
    writing process was producing the perfect (but offset) .99
    value or something else, nor how it recalibrates itself as
    it warms up. Already there are too many variables to make
    it simple to recover from one single zero fill.
    Sure, if oversimplified that seems obvious. Nobody has
    suggested to only do a one pass with only zero, or only 1.
    Multipass random overwrite- nobody has ever claimed
    (AFAIK), let alone proven they could recover even one single
    bit beyond a 50/50 statistical expectation.

    IF it were only the isolated scenario you post, it could be
    true. It isn't ever that scenario without any other
    variables. It is impossible for there to be only that
    scenario, literally impossible to force to happen if one
    tried to do it.

    Yes encryption is another good strategy. I'd sooner bet
    that a multipass random overwrite made the data more
    secure(ly gone) than that they'd never be able to break the
    encryption, so I would only consider the encryption suitable
    for different kinds of threats if used alone.
     
    kony, Jun 25, 2006
    #27
  8. There's one really important issue that's being overlooked here though,
    and that's the quality of the hardware used to do these read/write
    operations, and the quality (and theoretical limits) of hardware that
    might be available to someone else.

    The heads in a consumer grade drive are, well, consumer grade. They're
    designed and built to "good enough" standards that give users an
    expectation of data integrity, at minimal cost to the manufacturer.
    Consequently they're not as accurate, or as sensitive/powerful as what
    someone with specialized equipment might have.

    All the math and probability in the universe flies out the window if
    your data can be read at the edges of a track, or more sensitive
    equipment is used to detect the subtle differences between a sector
    with a one that's been overwritten with a zero, and a zero that's been
    overwritten likewise. Things your consumer grade heads just aren't
    capable of doing, but things that are possible none the less.

    This is how "clean room" data recovery businesses make their big money,
    by the way. The equipment is expensive, the sanitation is meticulous,
    and the people are well trained, and they're an effective combination.
    Encryption is the only *good* strategy. Data wiping is essentially
    useless unless you use specialized equipment. With whole disk OTFE it
    doesn't matter.
     
    George Orwell, Jun 25, 2006
    #28
  9. Doofus McFly

    Alun Jones Guest

    You didn't do Fourier Analysis at college, did you?

    Okay, let's see now.

    No matter what the bits have been doing before the write prior to the last
    one, a value of .99 to .9901 indicates that the bit was zero before its
    current value of one, and a value of .9999 to 1 indicates that it was one
    before its current value of one.

    That's assuming that the percentages I described are applied exactly, but as
    you can see, there's no overlap between the values - there's a significant
    gap between .9901 (the upper end of "0 turned to 1") and .9999 (the lower
    end of "1 turned to 1").

    With appropriate statistical analysis, and the ability to read the analog
    values to a great degree of accuracy, you find that you can accurately
    determine the lifetime of a bit on the drive - not to the point where you
    can say what the bit was last Tuesday, but to the point where you can say
    "before its current value, it went through these sets of values".

    Not the sort of thing you'd want to do if you're looking for credit cards
    (they're far easier to fish out of the local landfill), but if you're
    searching for national secrets, maybe you'd want to waste a mathematician or
    six on this kind of a task.

    Alun.
    ~~~~
    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones, Jun 25, 2006
    #29
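Added example (not part of any post in this thread): a simulation of the toy model from posts #26 and #29, where each write leaves 99% of the target value plus 1% of the old level. The Gaussian write-noise term `sigma` and all function names are assumptions introduced here to represent the write variation raised in post #27.

```python
import random

NEW, OLD = 0.99, 0.01  # mixing weights of the toy model in posts #26/#29


def write(level, bit, sigma, rng):
    """One write: 99% of the target bit plus 1% of the old analog level.
    sigma is an assumed Gaussian write error (0 = the idealised model)."""
    noise = rng.gauss(0.0, sigma) if sigma else 0.0
    return NEW * bit + OLD * level + noise


def final_level(history, sigma=0.0, rng=None):
    """Analog level of one cell after writing `history` onto a blank (0.0) cell."""
    rng = rng or random.Random(0)
    level = 0.0
    for bit in history:
        level = write(level, bit, sigma, rng)
    return level


def guess_previous(level):
    """Return (current_bit, guessed_previous_bit) from one analog reading.
    Subtracting the 99% share of the current bit leaves 1% of the old level."""
    current = 1 if level >= 0.5 else 0
    old_level = (level - NEW * current) / OLD
    return current, (1 if old_level >= 0.5 else 0)


def accuracy(sigma, cells=20000, writes=6, seed=1):
    """Fraction of cells whose second-to-last bit is guessed correctly
    when every cell has a random write history (constructed data)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(cells):
        history = [rng.randint(0, 1) for _ in range(writes)]
        level = final_level(history, sigma, rng)
        _, previous = guess_previous(level)
        hits += previous == history[-2]
    return hits / cells


if __name__ == "__main__":
    # Idealised model: "0 then 1" and "1 then 1" land in separate bands.
    print("0,1   ->", final_level([0, 1]))
    print("1,0,1 ->", final_level([1, 0, 1]))
    print("0,1,1 ->", final_level([0, 1, 1]))
    # Sweep the assumed write noise: the guess degrades toward a coin flip
    # once sigma is comparable to the 1% residue being measured.
    for sigma in (0.0, 0.001, 0.005, 0.02, 0.05):
        print(f"sigma={sigma:<6} previous-bit accuracy={accuracy(sigma):.3f}")
```

In the noise-free model the previous bit is always recovered; with write noise several times larger than the 1% residue, the guess is barely better than chance. The model itself says nothing about which regime a real drive is in.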
  10. Doofus McFly

    kony Guest

    That would also suggest a higher random deviation between
    subsequent writes of same bit. The issue is never the
    quality of the equipment used to attempt recovery (if we are
    being thorough, we will assume that it can't only matter
    what could be recovered with today's technology but "ever")
    but whether there is actually any pattern remaining to the
    rewritten random data.


    Of course, but data recovery is not meant nor does it claim
    to recover from multipass random overwrites. No matter how
    good the equipment, personnel or method, there has to be a
    statistically significant remnant of the *real* data. Is
    that real data 3 rewrites past, or 6? No way to know and it
    will vary per every single location on the platter. The
    more the variables are considered, the more there are that
    interfere with recovery onto the point where not only has
    nobody ever claimed they did it (with enough credibility and
    proof to be considered reliable), nobody has ever even
    accounted for all the variables and described how to tackle
    them.

    That a bit can be overwritten once and retain a hint at the
    prior value is just the tip of the iceberg.


    Nonsense. "IF" the data were recoverable (including
    encrypted), a sufficient farm of computers could break
    encryption sooner than doing the impossible. We at least
    know how to break encryption, the issue there is just time
    (processing power).
     
    kony, Jun 25, 2006
    #30
  11. Doofus McFly

    kony Guest

    Already wrong.

    We cannot assume a value of .99. Someone doing recovery
    cannot assume a disk had nothing, then only one "perfect"
    write of "1.00" the last time. Even the very first write
    (value) is a variable, and even as that write proceeds the
    very FIRST time, the value will change based on drive
    self-calibration.


    .... then you contrive a false scenario invalidating anything
    after.
    Only applicable in a universe where the only variables are
    those you concede to exist.


    .... if ignoring the vast majority of the information, using
    only a non-applicable oversimplified presumption.
    Something nobody has ever been able to do. At most they
    might predict what the last value was, but that alone is
    useless.
     
    kony, Jun 25, 2006
    #31
  12. kony wrote:

    Actually I'd say lower. As efficiency decreases, so does the ability
    to "overpower" those random deviations.
    That's why I tried to include "theoretical" equipment in my opinion. :)
    That's the point exactly. When moving the media to a more sensitive
    environment those statistical differences become skewed in favor of the
    new equipment *because* the scale you're using to measure the
    difference has changed significantly. What's statistically
    insignificant to a less efficient read head, may be glaringly obvious
    to "pro" grade heads simply because the operation was performed with
    the lower quality equipment.
    You're assuming there are farms big enough to break encryption, and
    that data recovery is impossible. Math and common sense tell us quite
    the opposite is true. We know for a fact that data can be recovered
    from "wiped" disks because people are doing it right this moment
    (within limits), and that every computer in existence farmed together
    won't break strong encryption in any practical amount of time unless
    your data is literally ageless.

    There are also questions about the competence of drive wiping methods and
    whether they actually wipe everything that needs wiped, let alone do it
    to an unrecoverable degree.

    The science and fact of the matter both say encryption is by far the
    more secure choice, and consequently the *only* choice for anyone who's
    serious about protecting their data.
    The issue with recovering wiped data is exactly the same. The difficulty
    of the solution to the former is accepted to be beyond the capability of
    any modern entity. The difficulty of the solution to the latter is in
    serious doubt.
     
    Non scrivetemi, Jun 25, 2006
    #32
  13. Doofus McFly

    Alun Jones Guest

    We've already established that you don't have the mathematical tools to do
    the full version of this, so I simplified it for you.

    Now you're trying to make it more complex, and you assume that the mere
    addition of complexity completely ruins the idea.

    Okay, go do the math for yourself. Figure it out. Learn something. But
    don't just come back and tell me I'm wrong unless you actually have a
    demonstration of the mathematics. I had hoped you'd understand enough to
    see that a zero followed by a one results in .99 to .9901, plus 0 to .000099
    of previous bits, and that this isn't significant when comparing .99 against
    .9999.

    Come back when you've learned some mathematics.

    Alun.
    ~~~~
    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones, Jun 26, 2006
    #33
  14. Doofus McFly

    kony Guest

    Not at all. NO ONE has ever demonstrated they can recover
    data after random multipass. EVERYONE (that is at least
    competent) can break encryption given the time and/or system
    resources to do it.


    Yes, "limits" is the key. Some simple wipes can be
    recovered, and is exactly why a "simple wipe" is not used, a
    multipass, *true* random write is.
    Depends on what you consider strong, and how bad they want
    it. Computing power has risen substantially in the past few
    years, as well as knowledge in setting up computing farms.
    There is also a bit of a falsehood in some circles that
    tries to describe the strength of encryption by how long it
    would take to try ALL possibilities, rather than a median #
    or considering that 1 in 10, might be broken in 10% of the
    time.


    No there isn't... except possibly in your own mind. The one
    area where it might be a problem is when a drive has bad
    sectors that are remapped, once that sector is removed from
    use it might be possible to read remnants in it. This could
    be a real problem but statistically speaking, that a drive
    would have enough, and sensitive enough, data AND that the
    already pronounced "bad" sector would be recoverable later
    are pretty low risks, but nevertheless present. On the
    other hand if the data is that important, odds are probably
    higher that any number of other methods would be used to
    attain it, not trying to recover from the HDD at all.


    Nope, unless you ignore all science and fact. It is
    disturbing that you use words like "science" and "fact" when
    you are going so far in the opposite direction.

    FACT is, encryption is broken in a matter of time, it has
    been done and is being done right now, never mind the types
    of encryption where there's a backdoor.
    FACT is, multipass random overwrites have not been reported
    as recovered. Show us evidence that it has by any credible
    source, this is the beginning of collecting data towards
    your so-called "science" and "fact".

    You need desperately to learn what science and fact are!
    Data recovery is hardly as important an issue as learning
    basic fundamentals like these.
     
    kony, Jun 26, 2006
    #34
  15. Doofus McFly

    kony Guest

    We've already established that you don't know, too.

    You ignore all the variables that prevent recovery when you
    simplify it.

    Consider this- ANYTHING seems easy, possible, etc, if
    oversimplified. Want to fly to Pluto and have a picnic? Jump
    on a rocket, pack a lunch and tablecloth. Seems pretty
    simple if you ignore all the significant issues.

    Same thing applies here, you only consider an OVERsimplified
    (onto the point of being untrue in itself except as a model
    for an introductory example) description.

    PS- don't pretend you have mathematical tools or Fourier
    Analysis will help. You are a fool which has become vain
    through method and can't now see you lack the INFORMATION to
    process with your math and analysis.

    No amount of nonsense changes the basic fact that you do not
    understand the details involved. If you did, if you were
    considering them and could have confidence it was
    comprehensive enough information, THEN do your ideas about
    analysis make sense.

    There is no valid analysis when one reads two facts then
    stops collecting information while there is clearly more to
    know.
     
    kony, Jun 26, 2006
    #35
  16. So the laws of physics don't apply if you don't want so?
    Both the "multipass" and "true" don't affect the process at all.
    man reliability
    About any big data recovery vendor has very clear description on how
    this is done.
    What about you first learning the basic of Usenet, you asocial mail
    address faker?
     
    Sebastian Gottschalk, Jun 26, 2006
    #36
  17. Doofus McFly

    Rick Merrill Guest

    It's true, but only with very expensive specialized equipment.
     
    Rick Merrill, Jun 26, 2006
    #37
  18. Doofus McFly

    kony Guest

    I see you are just trolling. What was the point?
    We DO in fact know that what I wrote was correct, encryption
    is broken and this is the whole reason why people kept going
    to higher encryption, not because it's unbreakable but
    because it merely takes longer.

    If you think of a hacker somewhere or a local computer shop,
    of course they will not have the resources to decrypt
    (perhaps a clever hacker with enough bots could get them all
    to work on it, but in general this is an unrealistic idea
    until there is precedent). On the other hand, if you are
    considering someone with the technical ability to do a low
    level examination of the disc surface with precision
    equipment already, you could expect a similar level of
    devotion to attacks on encryption.



    Oh? Link one that claims to recover from multipass random
    overwrites.

    On the other hand, decryption is a known art, 'tis merely the
    time to do it.
     
    kony, Jun 26, 2006
    #38
  19. Sorry, you've already been spotted doing so way earlier.
    I don't know this and neither is it correct.
    And you stupid fool don't want to recognize that there are limits on
    calculation power by facts of physical reality.

    Now how many universes' energy would you need to bruteforce a key of 256
    bit length even if we developed a super technology that would only
    require every billionth calculation step being thermically stable? How
    long would it take on a universe sized computer with a speed of 500
    Exa-Hertz?
    And neither will a very very very very very powerful attacker.
    Uh, is your Google defective?
    And the point is that even knowing what bruteforce is won't help you. On
    the other hand, data recovery is a known art and science...
     
    Sebastian Gottschalk, Jun 26, 2006
    #39
  20. You've got everything completely bass ackwards. Like you asked yourself
    the question "how wrong can I be", then solved it.

    You saying encryption can be broken is like you saying you're going to
    have consensual sex with Angelina Jolie some day because you plan to
    dig up her corpse and there's no way the bitch can say no then. You
    might be factually correct in your own queer way, but the rest of the
    world realizes your "facts" are perverse and meaningless.

    OTOH, specialized data recovery houses are reading data from "wiped"
    drives right now, today, as we speak. They might not have attained a
    level of competence that lets them crack 50 passes, but they've
    certainly gone from zero to half a dozen or so in a couple years. That
    means Gutmann's work will likely fail in your child's lifetime, if not
    yours.


    What we know about strong encryption tells us that unless your secrets
    are on par with the keys to universal dominance or destruction they're
    going to be useless long before anyone can discover them.

    Your bloviations regarding "anyone cracking encryption" are patently
    false because no "body" can crack encryption. Their great great great
    great ad nauseam grand offspring might get the job done *if* their
    ancestors remember to include the data and the running cracking
    machines on the pre-apocalypse Earth transport, but no reasonable
    assessment of the problem will lead any sane person to make statements
    like "crackable" in conjunction with acceptable modern encryption
    algorithms.

    I dunno, maybe the calendar is as backward and bizarre as the sex on
    planet Konyonus? Upright walking monkeys here on *this* rock mostly
    agree that scores of years are a lot shorter period of time than
    billions, and boning dead people really isn't fukin' at all.
    What an odd method of debate. You're cherry picking "limits" with
    respect to one method of discovering data, and completely tossing them
    aside in regards to another. In fact you're latching on to limitations
    that are so trivial in comparison to the ones you're discarding that
    your arguments are magically transformed into something resembling
    hypocrisy, Or "asininity" if you prefer.
    *laugh*

    "Depends on what you consider sex...."

    <rest snipped, unread>
     
    Non scrivetemi, Jun 26, 2006
    #40