1996-12-10 - RE: Secure Erase for PCs?

Header Data

From: John Fricker <jfricker@vertexgroup.com>
To: cypherpunks@toad.com
Message Hash: 41ad5909a1c128a6406099052b54207e08b7725f10536732e8b3d8fe663aeae2
Message ID: <19961210233018452.AAA215@dev.vertexgroup.com>
Reply To: N/A
UTC Datetime: 1996-12-10 23:31:35 UTC
Raw Date: Tue, 10 Dec 1996 15:31:35 -0800 (PST)

Raw message

From: John Fricker <jfricker@vertexgroup.com>
Date: Tue, 10 Dec 1996 15:31:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Secure Erase for PCs?
Message-ID: <19961210233018452.AAA215@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter's paper is an interesting overview of data recovery technology. He does 
conclude that his 35 write regiment will overwrite all signals on hard disk 
media. It would seem that performing the 35 writes multiple times would yield 
an securely erased drive. Yet he clearly is not an expert in data recovery, is 
organizing others research, and does not provide evidence or tests for his 
postulates such as the need for a good PRNG. It would be quite interesting to 
send a disk off to a data recovery company after running through Peter's method 
with perhaps different parts of the disk treated differently. 

Also, the section on RAM talks about data persistance but does not cover 
recovery methods other than SRAM power up bias. Nor is the RAM section 
referenced. RAM is so active that it would seem little pertinent data could be 
recovered if any.

So, in spite of not being an expert myself I am not convinced that any very 
well funded entity can recover data that has been overwritten an arbitrarily 
large number of times. Of course the relative value of my personal data is low 
and my level of paranoia follows. One can not be called reactionary by 
recommending a "no-trust" policy. 

Reading the paper reminds me how long ago it was that I studied the physics of 
microelectronic devices. Yow!


>Bill Frantz (frantz@netcom.com) said 
>At 8:05 PM -0800 12/9/96, John Fricker wrote:
>>>	Though, technically, no disk can be securely erased, my program,
>>
>>Sure it can. Ten overwrites will rendered remnant data obscure. So says the
>>electron microscope waving data recovery experts anyway.
>
>You should really check out Peter Gutmann's paper in the 1996 Usenix
>Security Conference Proceedings.  After reading it, I think you will come
>to the conclusion that the only secure data destruction technique, against
>a well-funded attacker, is destruction of the disk.  I like thermite myself.
>
>
>-------------------------------------------------------------------------
>Bill Frantz       | I still read when I should | Periwinkle -- Consulting
>(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
>frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA
>

--j

---------------------------------------------------------------------------------
------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending 
| me email with subject "send pgp key".
| www.Program.com is a good programmer web site.

--------------------------------------------------------------------------------------------------------
-





Thread