From: frantz@netcom.com (Bill Frantz)
To: cypherpunks@toad.com
Message Hash: 3f6d1493d88336e1c39a48ccdcbb22dadd6c50f47d96585dcc3be8b1153969c7
Message ID: <199609120609.XAA05442@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-09-12 08:19:23 UTC
Raw Date: Thu, 12 Sep 1996 16:19:23 +0800
Subject: Re: Erasing Disks

I was asked for an outline of Peter Gutmann's paper, "Secure Deletion of
Data from Magnetic and Solid-State Memory" in The Sixth USENIX Security
Symposium Proceedings in private mail. Since I think the question is of
general interest I am posting the answer and Bccing the original
questioner.

The paper starts with the comment that most secure data destruction guides
are classified. There is the suspicion that the unclassified ones do not
cover the newer recording materials and techniques, and will not protect
you against government attackers.

The analysis techniques for disks examined were Magnetic Force Microscopy
(MFM) and its close cousin, Magnetic Force Scanning Tunneling Microscopy
(STM). "It is possible to build a reasonably capable SPM for about
US$1400, using a PC as a controller." (See
http://www.skypoint.com/~members/jrice/STMWebPage.html) This cost is
conceivably within the range of a high school student.

Peter discusses the way that data can be recovered from under new data (due
to the difference in the magnetic domains depending on whether the bits
were the same or different), and beside new data due to positioning errors
of the head.

When trying to develop a secure erasure technique, you need to know the
encoding technique used on the disk. (e.g. FM, MFM, RLL, PRML etc.)

He recommends a 35 pass erasure scheme as follows:

1-4 Random
5 0x55
6 0xAA
7 0x924924
8 0x492492
9 0x249249
10 0x00
11 0x11
12 0x22
13 0x33
14 0x44
15 0x55
16 0x66
17 0x77
18 0x88
19 0x99
20 0xAA
21 0xBB
22 0xCC
23 0xDD
24 0xEE
25 0xFF
26 0x924924
27 0x492492
28 0x249249
29 0x6DB6DB
30 0xB6DB6D
31 0xDB6DB6
32-35 Random

He recommends using cryptographically random numbers and randomly permuting
the deterministic passes to further confuse attackers.

He warns about disabling any disk caches which may be present, and
discusses the problems of erasing data on now-bad sectors. He points out
that data which has been left for a long time is harder to erase than
recently written data. He mentions that the most powerful commercially
available degaussers aren't powerful enough to erase modern disks or DAT
tapes. (N.B. Degaussing a disk will also erase the factory-written control
tracks, making the disk useless.) He notes that ECC may make destruction
of data more difficult.

He recommends burning floppy disks.

He also discusses recovering data from DRAM and SRAM devices. He mentions
that data which has been stored in DRAM for 10 minutes will be detectable
after power is removed. He recommends that sensitive data (such as crypto
keys) have their bits flipped every second or so. This technique has the
beneficial side effect that the page remains recently used and is less
likely to be paged out.

I quote from his conclusion, "Data overwritten once or twice may be
recovered by subtracting what is expected to be read from a storage
location from what is actually read. Data which is overwritten an
arbitrarily large number of times can still be recovered provided that the
new data isn't written to the same location as the original data (for
magnetic media), or that the recovery attempt is carried out fairly soon
after the new data was written (for RAM). For this reason it is
effectively impossible to sanitize storage locations by simple overwriting
them, no matter how many overwrite passes are made or what data patterns
are written. However by using the relatively simple methods presented in
this paper the task of an attacker can be made significantly more
difficult, if not prohibitively expensive."

-------------------------------------------------------------------------
Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting
(408)356-8506 | choice for best movie of | 16345 Englewood Ave.
frantz@netcom.com | 1996 | Los Gatos, CA 95032, USA
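
Added example, not part of the original message or of Gutmann's paper: the
35-pass schedule listed above, with the deterministic passes permuted by the
OS CSPRNG and each pass flushed with fsync before the next begins. The function
names and chunk size are assumptions, and the code assumes the file system
rewrites blocks in place and that drive write caches are disabled, which the
message says overwriting depends on.

```python
import os
import secrets

# Deterministic passes 5-31 from the list in the message. Each pattern repeats
# over the whole region: one byte, or three bytes for the 0x924924 family.
FIXED_PASSES = (
    [b"\x55", b"\xaa", b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49"]
    + [bytes([n * 0x11]) for n in range(16)]            # 0x00, 0x11, ... 0xFF
    + [b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49",
       b"\x6d\xb6\xdb", b"\xb6\xdb\x6d", b"\xdb\x6d\xb6"]
)

def build_schedule():
    """Return 35 passes: None marks a random pass, bytes a repeating pattern."""
    fixed = list(FIXED_PASSES)
    secrets.SystemRandom().shuffle(fixed)   # permute passes 5-31 via the OS CSPRNG
    return [None] * 4 + fixed + [None] * 4

def pass_data(pattern, length, offset=0):
    """Bytes for one pass covering `length` bytes at absolute file `offset`."""
    if pattern is None:
        return secrets.token_bytes(length)
    phase = offset % len(pattern)           # keep 3-byte patterns aligned across chunks
    reps = length // len(pattern) + 2
    return (pattern * reps)[phase:phase + length]

def overwrite_file(path, chunk=1 << 20):
    """Overwrite an existing file in place, pass by pass; returns the pass count."""
    size = os.path.getsize(path)
    schedule = build_schedule()
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_BINARY", 0))
    try:
        for pattern in schedule:
            os.lseek(fd, 0, os.SEEK_SET)
            done = 0
            while done < size:
                n = min(chunk, size - done)
                # os.write may write fewer bytes than asked; resume from `done`.
                done += os.write(fd, pass_data(pattern, n, done))
            os.fsync(fd)                    # push this pass out of the OS cache
    finally:
        os.close(fd)
    return len(schedule)
```
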