[39976] in bugtraq


Re: RE: Peter Gutmann data deletion theaory?

daemon@ATHENA.MIT.EDU (Simple Nomad)
Thu Jul 28 14:26:42 2005

Date: Thu, 28 Jul 2005 00:33:28 -0500 (CDT)
From: Simple Nomad <thegnome@nmrc.org>
To: Ron van Daal <ronvdaal@n1x.nl>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20050723221442.O34923@zarathustra.linux666.com>
Message-ID: <Pine.LNX.4.61.0507280021270.31682@talon.nmrc.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Sat, 23 Jul 2005, Ron van Daal wrote:

>> We were not allowed to do a seven pass government wipe to dispose of the 
>> drives as our security people deemed it inadequate, we turned them over to 
>> our classified waste people who stored them until there were enough to 
>> justify having the platters removed and mechanically beaten into little 
>> lumps of metal.

There is no 7 pass government wipe. It is a 3 pass wipe. It is referred to 
as a 7 pass wipe because an app that did a 7 pass wipe passed govt muster 
and was purchased. Odds are that if it had done it in 3 wipes it would 
have still passed. If a vendor is saying "we do a 7 pass govt wipe" ask 
them if one of those passes involves *verifying* the writing of random 
data, and if one of the passes is the inversion of another wipe (i.e. a 
wipe with 0x0f and a wipe with 0xf0) to the drive. If not, it won't pass 
that "government standard" I referred to in another post a few days ago.

> Aren't you being too paranoid? I think a simple zeroing out of your entire 
> drive using dd(1) starting with the first sector is enough to cover your
> privacy. I don't know about other "secret" government agencies in NL or 
> other countries who actually do microscopic magnetic recovery efforts, but
> dd(1) does the trick to defeat disk analysis by our national digital crime 
> unit. From what I've read in one of their internal memos, they just
> use a hexdump(1)-like utility to find any non-zero bytes on the drive to 
> conclude "the drive has been wiped entirely".

I basically agree with this. If any government can recover data via some 
ninja electron microscope fu, odds are it is a state secret and they 
wouldn't reveal they got your data nor reveal it in court (then it 
wouldn't be a state secret anymore...) so it truly is a moot point, unless 
the recovered data makes you an enemy combatant or something. Again, we 
really have covered this topic several times here.

-SN, fairly drunk in Vegas so hopefully this made sense....
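
The pass structure described in the message above (a pattern, its bitwise inverse, then random data with the write verified), as an added example that is not part of the original post or of any product it mentions. The function names are assumptions, and it runs against a constructed scratch file rather than a drive.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # write and read in 1 MiB blocks

def overwrite_and_verify(path, size, make_block):
    """Overwrite size bytes, then read back and compare SHA-256 digests."""
    written, readback = hashlib.sha256(), hashlib.sha256()
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            block = make_block(min(CHUNK, remaining))
            f.write(block)
            written.update(block)
            remaining -= len(block)
        f.flush()
        os.fsync(f.fileno())  # ask the OS to push the data to the device
    with open(path, "rb") as f:
        # Caveat: on a real disk this read may be served from the page cache.
        for block in iter(lambda: f.read(CHUNK), b""):
            readback.update(block)
    return written.digest() == readback.digest()

def three_pass_wipe(path):
    """Pattern, inverted pattern, random data; every pass is verified."""
    with open(path, "rb") as f:
        size = f.seek(0, os.SEEK_END)  # also works where getsize() reports 0
    passes = [
        ("0x0f", lambda n: b"\x0f" * n),
        ("0xf0", lambda n: b"\xf0" * n),  # bitwise inverse of the first pass
        ("random", os.urandom),
    ]
    return [(name, overwrite_and_verify(path, size, gen)) for name, gen in passes]

def demo():
    """Run on a constructed scratch file, not on a real drive."""
    marker = b"CONSTRUCTED-SAMPLE-RECORD"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(marker * 4096)
    try:
        results = three_pass_wipe(tmp.name)
        with open(tmp.name, "rb") as f:
            return results, marker in f.read()
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```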
