Wiping data from drive question

Discussion in 'Computer Security' started by Doofus McFly, Jun 14, 2006.

  1. Doofus McFly

    kony Guest


    You claim they have very clear descriptions so you must have
    seen at least one such description. You don't have any
    evidence do you?

    Again my point is valid, encryption IS crackable, the time
    is takes is the issue and there are now agencies that can
    devote substantial processing power to such things.

    Recovery from random multipass overwrites is not and there
    is no credible report that it has been done ever, even one
    time.
     
    kony, Jun 26, 2006
    #41
    1. Advertisements

  2. I have. I just wonder why you're even too stupid to just randomly pick
    one such company, go to their website and browser their section of
    whitepapers.
    So what? It's not crackable is reasonably finite time.
    So the stories about lasers, raster tunnel microscropes, signal
    modelling and estimation for many $$$ are just by chance?
     
    Sebastian Gottschalk, Jun 26, 2006
    #42
    1. Advertisements

  3. Doofus McFly

    kony Guest

    What a great example of a whole lot of words without any
    contextual significance at all.

    It is a FACT that encryption is broken, and this is why we
    don't have 8 bit, or 64 bit, etc, anymore... because it is
    never a matter of whether it can be done, only the average
    time it would take to crack. It becomes extremely relevant
    how many resources the entity looking to crack it can
    devote.




    Yes, one pass zero fill, "maybe" one pass random.
    NOT multipass random. Show us ONE, even ONE that can.


    Not fifty, try 4. They cannot recover 4 random overwrite
    passes. Probably not 2 but I think prudence dictates at
    least 3 or 4.

    Keep in mind, this is a drive that was already being used.
    We don't have that hypothetical "perfect" scenario where
    there was a 1.0000 bit, then a 0.0000, or a 0.9995, we also
    have random deviations with every bit written, such is the
    nature of a fine granularity analog medium for digital data.
    That is possible. Depends on what it is and how anxious the
    crack team is. Same could be said about overwriting though,
    that if the day comes that someone can recover from 3 pass
    ovewrites, the data will be ancient history at that point if
    the medium itself hadn't degraded beyond the point of
    integrity too.

    I never suggested "don't do encryption". The safest course
    would be both, but neither is a replacement for the other in
    certain risk scenarios.


    Are you assuming they can't get the key instead? That would
    seem a bit premature. If the creator can access it, so can
    anyone else. If you only think inside the box you have to
    solve the problem the obvious way.



    Perhaps you need to pause for a moment and consider that if
    you only consider one set of details, odds are good you are
    not comprehensively assessing the situation.

    It's not a matter of debate, you'd have to have something to
    debate which you do not. Encryption has at least two
    methods of being broken- find the key or find the key. The
    difference is where you look, through attacks or for the
    source of that key.
     
    kony, Jun 26, 2006
    #43
  4. I guess quite the contrary holds: They went to down from 50 to
    approximately 2-4 passes with increasing storage capacity and lower
    signal-noise ratios. Still there's no reason why this should be
    attributed to their techniques, because the real specialists (that you
    cannot afford) don't care much for signal estimation but rather slow
    high-resolution scanning to find rests of the data where the write head
    rarely reaches.
    Guttmann's work, even though being scientifically correct, has been
    heavily misinterpreted all the time.

    And as Guttmann wrote, there's no need for randomness as the overwrite
    is done by the random noise introduced on a write of any kind.
    "You're a pedophile."
    "Got a problem with that? ;-D"
     
    Sebastian Gottschalk, Jun 26, 2006
    #44
  5. Got jealous?
    Eh... could we please discuss about THIS reality and not yours?
    What a great example of a whole lot of words without any contextual
    significance at all.
    What a great example of a whole lot of words without any contextual
    significance at all.
    The randomness doesn't have any effect at all.
    Huh? Don't think in terms of signal strength, better think in terms of
    area and signal distribution.
    You're pretty much outdated. Today a signal change on flux reversals can
    merely be recognized, that's where encoding, error correction and signal
    estimation are introduced.
     
    Sebastian Gottschalk, Jun 26, 2006
    #45
  6. Doofus McFly

    kony Guest

    Nonsense. You'd have presented proof of your claim if you
    had any. There is no point in my searching for something
    that does not exist. I'd not search for a McDonald's
    restaurant on the moon either if you claimed there was one.

    Depends on the level, and the method. You are possibly only
    thinking "try to randomly resolve the key". How about raid
    offices, seize property and interrogate those who have or
    can get the key?

    With only encryption, the data may be safeguarded but it IS
    STILL THERE. Unlike the random multipass overwritten data
    which is actually GONE.

    Are these in the same book as the stories about green men in
    spaceships? You'll have to be a bit specific if you want
    random claims to be considered. So far you can't even
    support your core argument that anyone, anywhere, EVER has
    been able to recover the data from the overwrites.
     
    kony, Jun 27, 2006
    #46
  7. Doofus McFly

    kony Guest

    No, it's just sad that you can't stick on the topic. What a
    waste of time this was.
     
    kony, Jun 27, 2006
    #47
  8. Doofus McFly

    John Guest

    In an effort to simplify this discussion, does anyone know of a single
    situation in which wiped data has been accepted as evidence in a court
    of law. I am talking about any case, civil or criminal, at any level
    of the judiciary system or even in a court outside the U.S.

    If you do do, please be specific about the details. If this has
    occured then we have something to work with. Otherwise, we are just
    speculating about what might be possible.

    John
     
    John, Jun 27, 2006
    #48
  9. Now what about not just reading, but also understand and thinking about
    what I wrote?

    This has nothing to do with cryptography.
    It isn't gone.
    No. It's well known science since about the early 80s.
    Hello and welcome to the reality past 80s. There have been hundreds of
    papers about how one can successfully retrieve data from a magnetic or
    magnetooptic media after overwrite. You can easily find the on the intarweb.
     
    Sebastian Gottschalk, Jun 27, 2006
    #49
  10. Doofus McFly

    kony Guest


    No, only after one single pass fill.

    Can't you differentiate between doing something
    insufficiently and doing it right?
     
    kony, Jun 27, 2006
    #50
  11. Not just one pass, multiple passes.
    Can't you differ between insufficient and inapprociate? Even 10000
    overwrites won't help you anything against data remnants in the track edge.
     
    Sebastian Gottschalk, Jun 27, 2006
    #51
  12. Doofus McFly

    kony Guest

    Clueless.

    How did you think those "remnants" got there in the first
    place? Same way they'll be made unrecoverable- by WRITING
    to the drive a few times.
     
    kony, Jun 28, 2006
    #52
  13. I've read data off a so called wiped drive by switching controllers.
    Not that big a deal. And I've recovered a floppy disk by swapping out
    the disk with another sleeve.

    If you think Big Bro can't see everything you've tried to wipe from a
    drive your an idiot.
     
    Borked Pseudo Mailed, Jun 28, 2006
    #53
  14. Doofus McFly

    kony Guest


    Define "so called wiped drive".
    We're not talking about some kind of similar thing, rather
    multipass random overwrites. Credentials too, please, since
    anyone can claim they did any lofty thing like flew to the
    moon and back.
     
    kony, Jun 28, 2006
    #54

  15. Get stuffed. You know as well as anyone that
    people who have the credentials and experience
    and resources to read traces of so-called "wiped"
    drives won't reveal their techniques nor identities
    to the likes of you or this newsgroup.

    Suffice it to say that articles written and available
    to the public by authors who interviewed government
    contacts say that there are magnetic domains which
    spill out between the magnetic tracks - especially if
    a read/write head or armature is mis-aligned or worn -
    so that with specialized (and very expensive and one-
    of-a-kind equipment) these "spill-overs" can be read,
    albeit very slowly and laboriously. Sometimes these
    domains can be made visible, and thus be read, by
    a microscope, such as depicted recently in IBM's
    announcement about its new high density magnetic
    tape.

    Don't start in on how this can only be done by
    technical means employed by agencies of 1st-world
    governments. The discussion is about what *can* be
    done, not about what is *likely* to be done. For a
    middle class individual just hiding tax returns or gay
    porn, multiple overwrites should suffice. But don't
    go asking for references and documentation when
    you well *know* that it cannot be forthcoming by
    anyone.

    *TimDaniels*
     
    Timothy Daniels, Jun 28, 2006
    #55
  16. Doofus McFly

    Alun Jones Guest

    Correct - all you have to do is spend a few billion dollars on the
    technology, and then wait a few billion years while it brute-forces the
    algorithm... Anyone can do it.

    Alun.
    ~~~~
    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones, Jun 29, 2006
    #56
  17. Doofus McFly

    kony Guest


    Pretty big assumptions. You'd have to assume the data had
    strong encryption but more important, that the entity trying
    to recover it was somehow required to brute-force it.

    Surely you're clever enough to think of a couple other ways
    that data can be recovered going the other direction, the
    source of the key.
     
    kony, Jun 30, 2006
    #57
  18. Doofus McFly

    Alun Jones Guest

    Hey, if we're allowed to make assumptions that we can get the source of the
    key, why don't we just assume that we can get the data itself? No point
    having the argument.

    When weighing protection mechanisms, you have to weigh what good they are
    when properly applied, and what good they are when loosely applied. Someone
    who's going to be loose with their private key is going to be the same sort
    of person who would screw up a random overwrite, so the data's pretty much
    lying there in plain sight anyway. Assume an idiot is using the protection
    scheme, and there's no protection scheme worth anything.

    Alun.
    ~~~~
     
    Alun Jones, Jun 30, 2006
    #58
  19. Doofus McFly

    kony Guest


    "Be loose" isn't the only issue.
    Do you ever leave your office? Is your confidence in your
    office security as high as in your encryption? How about
    your home security? How about in the car, or anywhere else?

    There are lots of ways people who use encryption can be
    tripped up because they had a false sense of security.
    Again I have never argued NOT to use encryption but rather,
    it is not so foolproof and only one method of safeguarding,
    but not ultimately destroying, data.
     
    kony, Jun 30, 2006
    #59
  20. Doofus McFly

    Alun Jones Guest

    So is overwriting. The fact that you refuse to understand or accept the
    mathematics does not prevent the truth.

    The only foolproof method is never to create the data in the first place.

    Alun.
    ~~~~
     
    Alun Jones, Jul 2, 2006
    #60
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.