Re: Wanted: Secure-delete utility for Linux

Colin Plumb (colin@nyx.net)
Tue, 22 Dec 1998 07:14:23 -0700 (MST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: CyberPsychotic: "Re: TCP denyal II"
Previous message: Dominik Kubla: "Re: forceful unmount"
Maybe in reply to: penang.island@usa.net: "Wanted: Secure-delete utility for Linux"
Next in thread: Dave Cinege: "Re: Wanted: Secure-delete utility for Linux"

Rogier Wolff wrote:
> Personally I'd say that you should write random values a few times in
> a row.
>
> In your case, you're overwriting a zero bit with a zero in 50% of the
> "write random data" passes. On a 1G disk, that means that after three
> "write random data" passes (interleaved with write zeroes or not),
> about 128 Mb worth of bits has simply been overwritten with "0" once.
>
> Not good.

Um, this thought is clouded by some seriously incorrect assumptions
about how hard drives work. You need to read up on "channel coding"
for digital magnetic media. The simplest one still in use (on floppies)
is MFM, "modified frequency modulation". You should be able to find
a description on the web somewhere.

> Note that you really should use a real random pattern. Not a pseudo
> random one. Recovering a bit that has been overwritten a few times is
> MUCH harder if you don't know the intermediate values.

A cryptographically strong random one is suitable. Note that you
should NOT use /dev/urandom. It's an excellent RNG, but too damn slow
for bulk data production. Use it to seed your own cryptographic PRNG.

> "Drive savers" (expensive company doing data recovery (*) ) told me they
> couldn't even read through data that was overwritten once. "Only the
> guys in the black suits have that kind of technology".

I'm told that it's sometimes possible to do *in software* by using
offset reads, a diagnostic available (but undocumented) in virtually
all hard drives.

But I knew a technician from Maxtor who read once-overwritten data from
a hard drive. He left the read head and preamplifier alone, since they
were very well matched, but fed the amplified read signal into a good
digital oscilliscope instead of the cheap circuitry usually used in
hard drives.

He then did some off-line DSP, averaging all of the read pulses from
the sector together to generate an "idealized" pulse and then
subtracting that from all the actual pulses. The remainder (at
much lower amplitude) was the previous overwritten data.

This took one day to do. He thought he could do two passes with
some more work, but didn't pursue it.

I'm not mentioning names out of general privacy concerns, but the
fellow who did this does have a name and I knew him pretty well. He
gave me a tour of the factory and the bench where he did the work.
It's not an urban legend.

-- -Colin

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: CyberPsychotic: "Re: TCP denyal II"
Previous message: Dominik Kubla: "Re: forceful unmount"
Maybe in reply to: penang.island@usa.net: "Wanted: Secure-delete utility for Linux"
Next in thread: Dave Cinege: "Re: Wanted: Secure-delete utility for Linux"