[118435] in Cypherpunks
RE: Steganos - Wiping Data
daemon@ATHENA.MIT.EDU (Lucky Green)
Tue Sep 28 00:23:38 1999
Date: Mon, 27 Sep 1999 21:08:29 -0700
From: Lucky Green <shamrock@cypherpunks.to>
In-reply-to:
<D104150098E6D111B7830000F8D90AE8E62A8B@exna02.securitydynamics.com>
To: "Trei, Peter" <ptrei@rsasecurity.com>,
"'cypherpunks@algebra.com'" <cypherpunks@Algebra.COM>
Message-id: <NDBBIFGOKODBCKDGJDKLGECKCIAA.shamrock@cypherpunks.to>
MIME-version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Content-transfer-encoding: 7bit
Reply-To: Lucky Green <shamrock@cypherpunks.to>
Peter Trei wrote:
> Yep - this is one of our regular topics. I expect that the
> best answer is to *always* use some form of encrypted
> sector SW, so the cleartext is never on the disk (and think
> hard about swap and temporary files).
Amen...
> Peter Guttmann's paper is a good eye-opener, but I've heard
> that even Peter feels that a heavily-overwritten (much more
> than 7 times) disk is probably safe against most opponents.
This all depends on who your set of opponents is. A disk overwritten once is
safe against most opponents when chosen from the set of all possible
opponents to any computer users.
> A single overwrite should, IMHO, protect a target against
> casual and surreptitious scans on most HDs. The logic
> behind this argument is that if it were economic to make
> HDs look at the parallel 'overwritten' tracks, HD
> manufacturers would use this capability to increase
> the capacity of their disks.
Agreed, if you are referring to HD scans performed via the OS.
> Thus, I suspect that reading overwritten tracks requires,
> at the minimum, remounting the platters in special drives
> with non-standard heads and positioning systems. At the
> high end, an opponent could use an Atomic Force Microscope
> to examine the media.
Again, it depends on what one considers the high-end. You can buy
off-the-shelf AFM's that ship with vacuum chucks for all standard platter
sizes.
In the end, it all comes down to your thread model. (To state the bleeding
obvious).
Have fun,
--Lucky
