[28761] in bugtraq


Re: Putting the "NSA Data Overwrite Standard" Legend to Death...

daemon@ATHENA.MIT.EDU (Brian Hatch)
Tue Feb 4 18:48:49 2003

Date: Tue, 4 Feb 2003 15:20:09 -0800
From: Brian Hatch <bugtraq@ifokr.org>
To: Simple Nomad <thegnome@nmrc.org>
Message-ID: <20030204232009.GM30028@ifokr.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Er/3qITiDpnrteFh"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.6.66.0302041137470.31132-100000@www.nmrc.org>

--Er/3qITiDpnrteFh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline



> Near as I can tell if someone says they are doing NSA overwrites, they are
> full of shit. In addition, based upon Mr. Gutmann's paper and the fact
> that it is quite old, one can assume that with advanced forensics the
> simple 3, 7, or 9 time overwrites that these products are claiming as
> secure actually are not even close to the level of security they claim. In
> fact, by following this "glossy brochure" de facto standard, data is not
> secured from recovery by an advanced recovery effort at all.

And worse yet, your data may well live in other places aside from the
official blocks on the disk.  If you're using a journaling file system,
your data was probably written to the journal before going to the
final blocks.  If the data was read by a process that swapped, your
swap partition may contain a copy of the data.  If the filesystem
layer decided to move your data around on the physical disk for
some reason then the original location will not be overwritten by
our standard 'write junk x times' method.

To my knowledge there is no 100% guaranteed method to delete your
bits irrevocably from the hardware without writing over the
entire disk[1], not just the parts officially allocated to the file
at any given time.

[1] multiple times with different data each time, as mentioned before.

--
Brian Hatch                  "Cannot say. Saying I
   Systems and                would know. Do not know,
   Security Engineer          so can not say."
www.hackinglinuxexposed.com

Every message PGP signed

--Er/3qITiDpnrteFh
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj5ASqkACgkQidaA3abfMorVNwCeOmFvxseZPRnEEdPPxRTztO1o
KQIAniupFqDWXtUsWit4/EQv+7hgrDWg
=ZTPV
-----END PGP SIGNATURE-----

--Er/3qITiDpnrteFh--
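An added example, not part of Brian Hatch's post or the thread, that makes his point concrete on a constructed disk image: the "file" is overwritten in place, yet copies of the same bytes that the constructed layout places at a journal offset, a swap offset and an old (relocated) block location survive, and only an overwrite of the whole image with different data on each pass removes them. The offsets, the filler, the secret and the per-pass data scheme (random, then a fixed pattern, then zeros) are assumptions of this example and stand in for no particular file system or standard; on a real machine the image file would be the raw block device, read as root.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # write/read granularity in bytes

# Constructed layout of the demo image (assumed offsets, not real on-disk structures):
IMAGE_SIZE = 64 * 1024
FILE_OFF = 4096      # blocks "officially allocated" to the file
JOURNAL_OFF = 16384  # stale copy left by a journaling file system
SWAP_OFF = 32768     # copy paged out by a process that read the file
OLD_OFF = 49152      # original location after the file system moved the data


def _pass_data(i, passes, n):
    """Different data on each pass: random, then a fixed pattern, zeros last."""
    if i == passes - 1:
        return bytes(n)
    if i % 2 == 0:
        return secrets.token_bytes(n)
    return b'\x55' * n


def overwrite_range(path, offset, length, passes=3):
    """Overwrite [offset, offset+length) of a file or block device `passes` times.
    This is the 'write junk x times' method applied to one extent only."""
    with open(path, 'r+b', buffering=0) as fh:
        for i in range(passes):
            fh.seek(offset)
            remaining = length
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(_pass_data(i, passes, n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # make each pass reach the device before the next
    return passes


def overwrite_whole(path, passes=3):
    """Overwrite the entire file or block device (size taken by seeking to the end,
    which also works for block devices where os.path.getsize() reports 0)."""
    with open(path, 'rb') as fh:
        size = fh.seek(0, os.SEEK_END)
    return overwrite_range(path, 0, size, passes)


def scan_for_remnants(path, needle, chunk=CHUNK):
    """Return every byte offset in the image where `needle` still occurs,
    including matches that straddle a chunk boundary."""
    hits = []
    overlap = len(needle) - 1
    buf, base = b'', 0
    with open(path, 'rb') as fh:
        while True:
            data = fh.read(chunk)
            if not data:
                break
            buf += data
            start = 0
            while True:
                i = buf.find(needle, start)
                if i < 0:
                    break
                hits.append(base + i)
                start = i + 1
            if len(buf) > overlap:  # keep only the tail that could begin a match
                base += len(buf) - overlap
                buf = buf[-overlap:] if overlap else b''
    return hits


def build_demo_image(path, secret, size=IMAGE_SIZE):
    """Constructed image: filler everywhere, the secret at the file's blocks
    and at the three 'other places' the post lists."""
    with open(path, 'wb') as fh:
        fh.write(b'\xee' * size)
    with open(path, 'r+b') as fh:
        for off in (FILE_OFF, JOURNAL_OFF, SWAP_OFF, OLD_OFF):
            fh.seek(off)
            fh.write(secret)
    return path


def demo():
    """Returns (offsets before, after file-only overwrite, after whole-image overwrite)."""
    path = os.path.join(tempfile.mkdtemp(), 'disk.img')
    secret = b'CONSTRUCTED-SECRET-0123456789'  # sample payload, not real data
    build_demo_image(path, secret)
    before = scan_for_remnants(path, secret)
    overwrite_range(path, FILE_OFF, len(secret))  # what a file shredder does
    after_file = scan_for_remnants(path, secret)
    overwrite_whole(path)                         # what the post says is required
    after_disk = scan_for_remnants(path, secret)
    return before, after_file, after_disk


if __name__ == '__main__':
    print(demo())
```

`scan_for_remnants()` is the check a practitioner actually wants: run it against the raw device (or a full image of it) with a known sample of the deleted content, and the hit list tells you whether any copy survived outside the file's own blocks.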
