"...For this reason it is effectively impossible to sanitise storage
locations by simple overwriting them, no matter how many overwrite
passes are made or what data patterns are written."
Non sequitur.
-Don
David Zakar wrote:
Such an illustrious academic as yourself deserves an equally illustrious
answer:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
The lazy among us, however, should skip to Dr. Gutmann's conclusion:
"Data overwritten once or twice may be recovered by subtracting what is
expected to be read from a storage location from what is actually read.
Data which is overwritten an arbitrarily large number of times can still
be recovered provided that the new data isn't written to the same
location as the original data (for magnetic media), or that the recovery
attempt is carried out fairly soon after the new data was written (for
RAM). For this reason it is effectively impossible to sanitise storage
locations by simple overwriting them, no matter how many overwrite
passes are made or what data patterns are written. However by using the
relatively simple methods presented in this paper the task of an
attacker can be made significantly more difficult, if not prohibitively
expensive."
Would NSA invest large sums of money to read deleted stuff off hard
drives if they knew it could always work? Methinks yes.
-DMZ
On Wed, 2005-11-02 at 17:16 -0500, Rob wrote:
On Wed, Nov 02, 2005 at 12:28:34PM -0500, David Zakar wrote:
Yes. There was a discussion on bugtraq (or focus-linux?) a while back, I
believe. Essentially, the best way to delete your data is to never store
it unencrypted, and make sure to use a good crypto algorithm. You could
always piece together a shattered hard drive and then read that, whereas
brute forcing the encrypted data is mathematically just not going to
happen.
Of course, they could still conceivably read your RAM, so you'll need to
physically destroy/hide that, too. And your crypto key! Breaking into
your house and stealing that hidden USB key is a serious issue...
I've always taken it as a question of your faith in voodoo:
Does the NSA have stronger voodoo in making lost bits coming back to
life or by breaking strong encryption? Lots of smart people can talk,
but no one really nows..
- Rob
.
