Re: Disposal of storage devices/med

[R.S.]

W dniu 2014-01-21 17:03, Phil Smith pisze:
R.S. wrote:
3. Regarding possibility rto read *valuable* information overwritten once: Such 
theoretical possibility assumes one use good microscope and watches single magnetic 
domain. There is no hidden HDD command like "read deleted info". And now: what 
is easier: decrypt encrypted content of play with 100000000000000000-element puzzle of 
domains?
The latter: you'll be recovering data incrementally starting with the first 
domain (well, first cluster of domains)-as opposed to brute-force decryption, 
where the universe is almost certainly dark before you have the first byte 
(although admittedly with decryption, once you have one byte, you have it all).
No. You will have bit. Set of bits. All bits come from same recording or 
different recordings, so you will never know whether the puzzle belogs 
to proper set. Maybe you just read "valid" byte or maybe you read one of 
random bytes written during one of overwrite sessions (you don't know 
how many times I did overwrite my disk). While knowledge of ECC will 
help you to assemble the byte (or larger chunk) from bits, it won't help 
you to know which version of track content you just recovered. Note: 
it's very likely the track was overwritten hundreds of time during disk 
life, you cannot distinguish deleted/updated data from random content.

IMHO both methods will guarantee that no one would be interested enough 
to invest time and resources to recover data from encrypted or 
overwritten disk. There are easier and cheaper methods: bribery and 
blackmail to name a few. I mean disks and data from organizations like 
banks or companies, let's exclude CIA, NSA and other TLAs.

--
Radoslaw Skorupka
Lodz, Poland






--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is 
intended solely for business use of the addressee. This e-mail may only be 
received by the addressee and may not be disclosed to any third parties. If you 
are not the intended addressee of this e-mail or the employee authorized to 
forward it to the addressee, be advised that any dissemination, copying, 
distribution or any other similar activity is legally prohibited and may be 
punishable. If you received this e-mail by mistake please advise the sender 
immediately by using the reply facility in your e-mail software and delete 
permanently this e-mail including any copies of it either printed or saved to 
hard drive.

mBank S.A. z siedzib w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: kont...@mbank.pl 
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2014 r. kapita zakadowy mBanku S.A. (w caoci wpacony) wynosi 168.696.052 zote.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN