More (almost free) stuff. - 3.5" WD 200GB IDE - $10


More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Andrew Janke

I have a Western Digital WD2000 Caviar SE  (3.5" 200GB IDE HDD).

$10 for the first taker, if nothing by the end of today it will be $5
tomorrow, which means by extrapolation I will be paying someone $20 or
so to take the thing next Monday. But then extrapolation never has
served us all that well in history.

I am yet to nuke the thing so this shall be a fun little exercise in
learning about disk wipey doovers. Perhaps I should put my money where
my mouth is and offer the $10 back free to anyone who can recover
something from it....

Pickup will be in Kambah.


--
Andrew Janke - andrew.janke@...
Department of Geriatric Medicine, ANU
(a.janke@... || http://a.janke.googlepages.com/)
Canberra->Australia +61 (402) 700 883
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Daniel Rose

Andrew Janke wrote:

> I have a Western Digital WD2000 Caviar SE  (3.5" 200GB IDE HDD).
>
> $10 for the first taker, if nothing by the end of today it will be $5
> tomorrow, which means by extrapolation I will be paying someone $20 or
> so to take the thing next Monday. But then extrapolation never has
> served us all that well in history.
>
> I am yet to nuke the thing so this shall be a fun little exercise in
> learning about disk wipey doovers. Perhaps I should put my money where
> my mouth is and offer the $10 back free to anyone who can recover
> something from it....
>
> Pickup will be in Kambah.
>

I'll take that if nobody else has a prior claim.  I use Darik's Boot and Nuke from http://www.dban.org/


--
Daniel Rose
National Library of Australia

Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Andrew Janke

> I have a Western Digital WD2000 Caviar SE  (3.5" 200GB IDE HDD).

And we have a winner.

(and now I have to speed up my learning process for wiping such things.)

hrm.


a

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Sam Couter-2

Andrew Janke <a.janke@...> wrote:
> (and now I have to speed up my learning process for wiping such things.)

My method:

1. Boot from Debian install disk
2. while true; do num=$((num + 1)); echo "Random $num"; dd if=/dev/random of=/dev/hda bs=1024000; echo "Zero $num"; dd if=/dev/zero of=/dev/hda bs=1024000; done
3. Go to bed

Next morning I can see how many times the disk has been overwritten so
far. I'm not DIO or NSA so I'm not overly paranoid nor a particularly
valuable target. I figure the recovery cost for this disk is bare
minimum several tens of thousands of dollars and more likely at least
six figures. I also assume the disk is unlikely to wind up in the wrong
hands given my low value as a target, so this is good enough for me.

Of course, some people would probably argue that even this much effort
belies my statement above about my level of paranoia.
--
Sam Couter         |  mailto:sam@...
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C



Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Paul Wayper

Sam Couter wrote:
| Andrew Janke <a.janke@...> wrote:
|> (and now I have to speed up my learning process for wiping such things.)
|
| My method:
|
| 1. Boot from Debian install disk
| 2. while true; num=$((num + 1)); echo "Random $num"; dd if=/dev/random
| of=/dev/hda bs=1024000; echo "Zero $num"; dd if=/dev/zero of=/dev/hda
| bs=1024000; done
| 3. Go to bed

Alternately:

1) boot off System Rescue CD (http://www.sysresccd.org)
2) shred -vz /dev/$harddisk

This will not only overwrite the whole disk 26 times, but will use a random
assortment of zeros, random data, and patterns especially crafted by Peter
Gutmann to be the most difficult from which to recover data.

And you finish with a zeroed hard disk.

HTH,

Paul


Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Alex Satrapa-2

On 19/08/2008, at 19:54 , Paul Wayper wrote:

> This will not only overwrite the whole disk 26 times, but will use a random
> assortment of zeros, random data, and patterns especially crafted by Peter
> Gutmann to be the most difficult from which to recover data.

Truth be known, due to the statistical (ie: chance-based) nature of  
modern hard drive encoding, all you really need to do is write zeroes  
over the disk.

That old set of 22 patterns was to cover all possible mechanisms from  
the bad old days when one polarity signified a "on" bit, while the  
other polarity signified an "off" bit all the way through to the  
penultimate style of encoding. The idea was that you could write this  
software to erase any disk securely, regardless of what mechanism was  
used by that disk to actually encode the data into the magnetic  
domains on the disk.

But enough of that essay. The short version of Peter's essay is: 'for  
modern drives, write something that is not the data that was  
originally there.'

Alex




Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Steve McInerney

on 25/08/08 18:37 Alex Satrapa said the following:
...
stuff about wiping drives removed
...
> But enough of that essay. The short version of Peter's essay is: 'for
> modern drives, write something that is not the data that was originally
> there.'


The short version, is that if the data that the disk has held is worth more to
you than the cost of the drive? Physically destroy the platters & drive.

Anything else is the worst form of guess work. More akin, IMNSHO, to Russian
Roulette. Especially if said disk is to be physically transferred to
another's... tender loving care.


"I don't know anyone who can cheaply break rot13, therefore rot13 is a secure
encryption for my data!"

/hyperbole_shudder


Recognising that everyone is very different, but to me? A $10 return is just
so not worth that sort of risk. Especially if the data on said disk could have
a lifetime value measured in years to decades. YMMV.


Cheers!
- Steve

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Hal Ashburner-2

On Mon, Aug 25, 2008 at 8:04 PM, Steve McInerney <steve@...> wrote:

> on 25/08/08 18:37 Alex Satrapa said the following:
> ...
> stuff about wiping drives removed
> ...
> > But enough of that essay. The short version of Peter's essay is: 'for
> > modern drives, write something that is not the data that was originally
> > there.'
>
>
> The short version, is that if the data that the disk has held is worth more
> to you than the cost of the drive? Physically destroy the platters & drive.
>
> Anything else is the worst form of guess work. More akin, IMNSHO, to
> Russian Roulette. Especially if said disk is to be physically transferred to
> another's... tender loving care.


The challenge:
http://16systems.com/zero/index.html

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by steve jenkin-2

Hal Ashburner wrote on 7/9/08 2:36 PM:

> The challenge:
> http://16systems.com/zero/index.html

While well-intentioned, if nobody undertakes or meets this challenge, it
won't tell us any more than "you can't recover zeroed-data for $500".


1. University Labs are excluded.
   Great brains, great equipment and the time to play...

2. Corporate Intelligence (Espionage?) firms are also excluded.
   And any firm that *can* actually do this would only demonstrate
   it privately - and then would charge $M's for its services.

3. If the spooks really can do this, we'll only know in 25-50 years.



Robert Morris (snr) casually mentioned at an AUUG conference (Sydney
Hilton) that it costs the NSA about $10M to 'do an intercept'. They are
good at breaking ciphers and cracking codes, and they understand the
economics of it. Even if that figure has come to $1M over the years,
they still wouldn't let their trade secrets become public.


I don't disagree with the experiment/challenge, but their method is
fundamentally flawed:

- failure to recover the data doesn't tell us anything new,

- the only useful outcome is if someone actually recovers data from the
drive (essentially for free) - and if 3 out of 3 firms first contacted
demur, it's highly unlikely anyone will step up for the offered price.


If it was open to all comers and there was $50M up for grabs, I'd rate
their chances of getting result (-ve/+ve) as 'good' :-)

--
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin@... http://members.tip.net.au/~sjenkin

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Hal Ashburner-2

steve jenkin wrote:

> Hal Ashburner wrote on 7/9/08 2:36 PM:
>
>> The challenge:
>> http://16systems.com/zero/index.html
>
> While well-intentioned, if nobody undertakes or meets this challenge, it
> won't tell us any more than "you can't recover zeroed-data for $500".

Hi Steve,
It would tell us slightly more than that, that you can't recover for
non-labour costs of something significantly above $500.
If one could do it for say $3,000 plus a month's labour it would be
overwhelmingly tempting as it would likely make you a millionaire inside
a year performing expensive service for corporates and such. Much safer
than stealing data from 'erased' disks that could land you in jail.

> 1. University Labs are excluded.
>    Great brains, great equipment and the time to play...

I didn't notice that, as you say that's just stupid.

> 3. If the spooks really can do this, we'll only know in 25-50 years.

Maybe. By definition if we've heard nothing we still won't know.

> Robert Morris (snr) casually mentioned at an AUUG conference (Sydney
> Hilton) that it costs the NSA about $10M to 'do an intercept'. They are
> good at breaking ciphers and cracking codes, and they understand the
> economics of it. Even if that figure has come to $1M over the years,
> they still wouldn't let their trade secrets become public.

Such figures are notoriously rubbery. They're very tough to calculate.
Do you assign the fixed costs to each interception? Is it the marginal
cost of one more interception? What do you include in the marginal cost?
In my experience of such numbers when you probe the foundations you get
a chain of "these guys said, jill said, barry said, ivan mentioned..."

> I don't disagree with the experiment/challenge, but their method is
> fundamentally flawed:
>
> - failure to recover the data doesn't tell us anything new,
>
> - the only useful outcome is if someone actually recovers data from the
> drive (essentially for free) - and if 3 out 3 firms first contacted
> demur, it's highly unlikely anyone will step up for the offered price.

What it tells us is that it's not easy and not cheap at a minimum. So if
you want to give away old drives at clug using dd is highly likely to be
good enough to permanently obscure the data.
The test is not the worth of the data vs sale price of the drive, it's
the perceived value of the data to who you sell it to vs cost to extract it.
I'd go so far as to say for anyone at clug 99%+ perceived value of the
data is less than $0 because it would be such bad form to even try and
extract it even if such a thing were possible.

So what we've got is:

- No evidence yet presented to support the theory that recovering data
from a zeroed drive is possible.
- A fairly large financial incentive to demonstrate it. (Craploads more
than the notional $500 which you might not bother to even collect)
- And no takers.

Obviously such is not actual proof that recovery from a zeroed drive is
impossible. It does suggest that the chances of your identity being
stolen if you zero a hard drive and sell it/give it away  at clug are
negligible.  At best.
One might not think that good enough for national defense secrets but
this has never been the case under discussion.

> If it was open to all comers and there was $50M up for grabs, I'd rate
> their chances of getting result (-ve/+ve) as 'good' :-)

I don't understand hard drives beyond the basics of platters, sectors
and heads. Is there any reason why you think the chances would be good?

Besides all that, my point is that if you've got equipment you're not
going to use, giving it away to someone who will is a good thing (TM)
for a whole bunch of reasons. I say do it. Just zero storage media
before pitching it.

Regards,
Hal
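
The "zero it before pitching it" step discussed in this thread only protects you if the overwrite actually covered the whole device. The following is an added example, not part of any post in the thread: it zero-fills a target and then proves every byte reads back as zero, using a constructed image file in place of a drive (function names are hypothetical).

```shell
#!/bin/sh
# Added example (not from the thread): zero-fill a target, then prove the
# overwrite covered every byte. The demo uses a constructed image file;
# pointing these functions at a block device is destructive and needs root.

# Size in bytes of a regular file or a block device.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Overwrite the whole target with zeros in place and flush it to the media.
zero_fill() {
    zf_size=$(target_size "$1") || return 1
    head -c "$zf_size" /dev/zero |
        dd of="$1" bs=1048576 conv=notrunc,fsync 2>/dev/null
}

# Print how many bytes on the target are still non-zero.
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Exit status 0 only when the whole target reads back as zeros.
verify_zeroed() {
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

demo() {
    img=$(mktemp) || return 1
    # Constructed "old data": 4 KiB of a repeating marker string.
    yes 'constructed-secret' | head -c 4096 > "$img"
    echo "before wipe:  $(nonzero_bytes "$img") non-zero bytes"

    # An interrupted wipe: only the first 1 KiB gets overwritten.
    dd if=/dev/zero of="$img" bs=1024 count=1 conv=notrunc 2>/dev/null
    verify_zeroed "$img" ||
        echo "partial wipe: $(nonzero_bytes "$img") non-zero bytes remain"

    # The complete wipe, followed by the read-back check.
    zero_fill "$img"
    verify_zeroed "$img" &&
        echo "full wipe:    verified, $(target_size "$img") bytes all zero"
    rm -f "$img"
}

demo
```

Reads through the operating system only cover the sectors the drive exposes, so this check says nothing about sectors the drive has remapped.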

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Andrew Janke

> Obviously such is not actual proof that recovery from a zeroed drive is
> impossible. It does suggest that the chances of your identity being stolen
> if you zero a hard drive and sell it/give it away  at clug are negligible.

So I can take the colander off now?


a

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Hal Ashburner-2

Andrew Janke wrote:
>> Obviously such is not actual proof that recovery from a zeroed drive is
>> impossible. It does suggest that the chances of your identity being stolen
>> if you zero a hard drive and sell it/give it away  at clug are negligible.
>
> So I can take the colander off now?

Eh, haven't really disagreed with anything in particular you've said but
I do think you're overstating the case. If you do take the utterly
selfish "maximise economic value of personal gain" approach the equation
becomes
Sale price of drive - Expected Value of Loss from data recovery > 0
Where
"Expected Value of Loss" is the probability that the drive gets into the
hands of the deeply malicious multiplied by the probability of them
having the resources to recover the data multiplied by them having the
desire to recover the data multiplied by the economic loss to you of
having the recovered data in their hands.
(Please note that I'm not using selfish in the pejorative sense above,
being utterly selfish can be the correct approach in many cases and clug
really isn't the best place for philosophical debate either way.)

Selling/Giving away the drive has an indirect benefit to you, via
benefit to the community and the world that adds to the sale price.

Disagreeing with me is usually a good way to be right, so if you want to
make the case it would certainly make interesting reading at the very
least. As I say I don't really understand disk drives at any depth,
maybe you know a theoretical attack on zeroed data at the magnetic bits
level on the disk?


Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Ian-144

I have heard a technique described to recover data from an overwritten
drive - no idea whether it would actually work or not though.

The idea is that you would hook up some sort of digital oscilloscope
directly to the read head to be able to observe the magnetic pattern
on the disk as the head reads it and compare that to what the drive
tells you is in that location. You build up a profile of what a 1
generally looks like by taking the profile of every individual 1 on
the disk and averaging them together, do the same for every 0. Then
you go through and for every bit on the disk you subtract the average
profile from the individual profile. This will leave you with a new
much more subtle profile left over from whatever data was in that
location on the disk previously. Repeat the process however many times
the disk was overwritten - as you can imagine the recoverability of
the data would be dependent on the sensitivity of the head &
oscilloscope and how many times the data has been overwritten since
the left over profile will be harder to detect for each overwrite.
More overwrites will require more expensive equipment to recover the
data with.

So, anyone have any idea whether that's even plausible or not?

Cheers,
-Ian

--
On the day *I* go to work for Microsoft, faint oinking sounds will be
heard from far overhead, the moon will not merely turn blue but
develop polkadots, and hell will freeze over so solid the brimstone
will go superconductive.
 -- Erik Raymond, 2005
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Daniel Pittman

Ian <darkstarsword@...> writes:

> I have heard a technique described to recover data from an overwritten
> drive - no idea whether it would actually work or not though.
>
> The idea is that you would hook up some sort of digital oscilloscope
> directly to the read head to be able to observe the magnetic pattern
> on the disk as the head reads it and compare that to what the drive
> tells you is in that location.

[...]

> So, anyone have any idea whether that's even plausible or not?

A more extreme version uses a scanning electron microscope to scan the
disk surface, and has, in an unclassified demonstration, recovered data
overwritten to US military standards.  (7 wipes, random, etc.)

This can also go back in time quite a few overwrites of each sector, and
do all sorts of data recovery that was not thought practical until
tried.

So, yes, that is practical[1], and is probably vastly less effective
than some of the techniques that are unknown to the general public.

See also http://blocksandfiles.com/article/5056 which details briefly
the data recovery success on a disk that was recovered from the failed
shuttle mission.

Regards,
        Daniel

Footnotes:
[1]  ...as I understand things, and I am not an expert in this area.


Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Paul Wayper

Ian wrote:
| I have heard a technique described to recover data from an overwritten
| drive - no idea whether it would actually work or not though.
|
| The idea is that you would hook up some sort of digital oscilloscope
| directly to the read head to be able to observe the magnetic pattern
| on the disk as the head reads it and compare that to what the drive
| tells you is in that location. You build up a profile of what a 1
| generally looks like by taking the profile of every individual 1 on
| the disk and averaging them together, do the same for every 0. Then
| you go through and for every bit on the disk you subtract the average
| profile from the individual profile. This will leave you with a new
| much more subtle profile left over from whatever data was in that
| location on the disk previously. Repeat the process however many times
| the disk was overwritten - as you can imagine the recoverability of
| the data would be dependant on the sensitivity of the head &
| oscilloscope and how many times the data has been overwritten since
| the left over profile will be harder to detect for each overwrite.
| More overwrites will require more expensive equipment to recover the
| data with.

This is more or less what they do to recover data when it has been overwritten
by amateurs.  They also look at the cylinder edges, noting that sometimes the
head may have not perfectly aligned with the sector and may be hanging over in
one direction or another.

This is why the most common methods of securely erasing a disk work by writing
multiple passes of randomly-chosen combinations of patterns specifically
designed to cause patterns that include long(ish) runs of zeros or ones,
random data, and other patterns.  Twenty-six rewrites is the usual margin of
comfort for secure data destruction.  After reading that first layer, the
second layer will be that much harder to detect, and so forth down to the
coercivity limit of the media.

So it's _plausible_.  It requires hardware beyond the standard equipment used
for reading drives (which is why that challenge is so bogus), equipment that
is probably standard only in very expensive, very secret labs.

Realistically, by the same argument, I think there's probably a fairly good
case for just writing twenty-six alternating all-ones and all-zeros layers.
By the time the medium has been switched back and forth that much you've
probably removed any chance of a signal remaining above the limit of random
noise in the magnetic media.  But the paranoid amongst us prefer to make it
just that little bit more difficult to work backwards.

The thing that annoys me is, ultimately, the truly paranoid argue for burning
the drive in a furnace.  This is a waste of a perfectly good functioning hard
disk, often (since the real application of this kind of security is in
corporate and government data centres) a fairly costly one.  Effectively these
people are throwing more of your and my money down the drain in the name of
paranoia without any real proof that their actions are saving any money.  It's
all security theatre.

Have fun,

Paul

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Michael Cohen-5

On Tue, Sep 9, 2008 at 10:40 PM, Paul Wayper <paulway@...> wrote:

> Ian wrote:
> | I have heard a technique described to recover data from an overwritten
> | drive - no idea whether it would actually work or not though.
> |
> | The idea is that you would hook up some sort of digital oscilloscope
> | directly to the read head to be able to observe the magnetic pattern
> | on the disk as the head reads it and compare that to what the drive
> | tells you is in that location. You build up a profile of what a 1
> | generally looks like by taking the profile of every individual 1 on
> | the disk and averaging them together, do the same for every 0. Then
> | you go through and for every bit on the disk you subtract the average
> | profile from the individual profile. This will leave you with a new
> | much more subtle profile left over from whatever data was in that
> | location on the disk previously. Repeat the process however many times
> | the disk was overwritten - as you can imagine the recoverability of
> | the data would be dependant on the sensitivity of the head &
> | oscilloscope and how many times the data has been overwritten since
> | the left over profile will be harder to detect for each overwrite.
> | More overwrites will require more expensive equipment to recover the
> | data with.
>
> This is more or less what they do to recover data when it has been
> overwritten by amateurs.  They also look at the cylinder edges, noting that
> sometimes the head may have not perfectly aligned with the sector and may be
> hanging over in one direction or another.

I doubt very much that such a technique would work. According to
http://www.patentstorm.us/patents/6408419/claims.html the actual
magnetic encoding on the disk has nothing to do with north/south pole
representing 1s and 0s. The actual data is encoded in such a way that
the decoder has the highest probability of deducing the data based on
the statistical response of the magnetic media. The data is also error
corrected heavily because the noise floor is very high. The result is
that even overwriting it with 0s (note that 0s actually get
translated to a complex pattern by the encoder because you can't have a
long run of zeros on the actual platter) will affect the statistical
signal so much that there will be very little left over from previous
data. The reason is that the system is running so close to the noise
floor that any interference makes it fall below the noise floor -
there just is no margin there.

As an aside, these days it makes no sense to have unencrypted drives
anyway - if your drive is encrypted you don't really care if someone
can read it, and you can dispose of it without having to dd it very
much (maybe just the headers with the encrypted keys if you are really
paranoid).

> The thing that annoys me is, ultimately, the truly paranoid argue for
> burning the drive in a furnace.  This is a waste of a perfectly good
> functioning hard disk, often (since the real application of this kind of
> security is in corporate and government data centres) a fairly costly one.
> Effectively these people are throwing more of your and my money down the
> drain in the name of paranoia without any real proof that their actions are
> saving any money.

Most of the other equipment is sold off at auction with very little
money recovered going back to the organization anyway (most gets
siphoned off by auctioneer fees, charges etc). So it's not as big a
difference as you might think to destroy the hard drive or to sell it
off.

> It's all security theatre.

Isn't everything? Quite often the simplest solutions are the most
secure but they are as spectacular as this.

Michael.

Re: Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

by Steve McInerney

On Tue, September 9, 2008 22:40, Paul Wayper wrote:
> Realistically, by the same argument, I think there's probably a fairly
> good case for just writing twenty-six alternating all-ones and all-zeros
> layers.

Under what circumstances?
"I think..." is not a terribly useful risk analysis. :-)


> The thing that annoys me is, ultimately, the truly paranoid argue for
> burning the drive in a furnace.

Using labels to denigrate an opposing POV is a poor way of arguing your
case; and will typically cause your entire argument to be rejected out of
hand.


> This is a waste of a perfectly good functioning hard disk, often (since
> the real application of this kind of security is in corporate and
> government data centres) a fairly costly one.  Effectively these people are
> throwing more of your and my money down the drain in the name of paranoia
> without any real proof that their actions are saving any money.

Out of idle curiosity: How many soldiers' lives wasted would you consider
to be sufficient proof that this was no longer a waste of money?
How many leaks of bank account details?


> It's all security theatre.

No. It's called Risk Analysis.

One obvious & trivial counter is the media published leaks of details from
HDDs that *weren't* sanitised. Somewhat surprisingly :-) physical
destruction makes this particular process failure a lot harder to achieve.
And as an entire *process*, physical destruction is a LOT cheaper than
sanitisation.


Cheers!
- Steve
