[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] erase with magnet

Glad you mentioned the Gutman note.

The subject is Magnetic Force Scanning Tunneling Microscopy and deals with very low level extraction of data. I looked into this a few months ago and asked Peter Gutman about it and this was his response:

"...with newer PRML/EPRML drives it's unlikely you can still recover much, and the
drives in use at the time I (Peter Gutman) wrote the article (early-mid'90s) have mostly
fallen out of use."

This is actually stated at the bottom of his article online at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html where he states:

" In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now."

His article is a very interesting read :)

Seth


Valdis.Kletnieks@xxxxxx wrote:

On Sat, 03 Apr 2004 11:09:34 CST, Michael Cecil <macecil@xxxxxxxxxxx> said:



If you want to sanitize a drive and then reuse it, use a overwriting tool such as Autoclave <http://staff.washington.edu/jdlarios/autoclave/> or Eraser <http://www.heidi.ie/eraser/> and use the overwriting setting recommended by Gutmann <http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html>.



Two notes:

1) Gutmann's 35 passes were devised to stress the recording methodologies
of the day.  Many of them are for encoding schemes not used anymore.

2) Canadian RCMP TSSIT OPS-II says: "Must first be checked for correct 
functioning
and then have all storage areas overwritten once with the binary digit ONE,
once with the binary digit ZERO and once with a single numeric, alphabetic or
special character, " (http://jya.com/rcmp2.htm)

American DoD 5220-22.M says: "Overwriting all addressable locations with a
character, its complement, then a random character and verify."  This is
permitted for classifications up to SECRET.  It is not acceptable for
TOP SECRET and higher.

I have to conclude that *our* spooks are of the opinion that even 3 passes
are sufficient to wipe out data thoroughly enough so that it's not worth it
for the *other* spooks to try recovering 'Secret'...



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html