[Leaplist] The DD drive challenge

Thu Apr 10 10:13:12 EDT 2008

On Wednesday 09 April 2008 13:29, John Simpson wrote:
> On 2008-04-08, at 1248, patrick wrote:
> > Did you first write over the tapes with all inputs turned off?
> >
> > I think that is what happens with DD, but, don't know for certain.
> > The
> > fact that the government agencies and disk recovery companies declare
> > that it is impossible to recover drive data after a DD command, when
> > they all have much to gain by doing a recovery, speaks volumes to
> > me...
>
> it's not impossible, but it _is_ rather difficult. you would have to
> phsyically open the drive and read the platters using special hardware
> (more sensitive magnetic heads, with a very narrow field width,
> aligned to the edges of the normal data channels.) it *can* be done,
> especially if the data was only overwritten once.
>
> and even though their web site says they extend the challenge to any
> government agency as well, the fact is that the people who HAVE this
> capability are not going to participate, because (1) the reward is
> small (only $400 plus you get to keep the drive itself?) and (2) the
> government in particular will leave this alone, because they don't
> want any public documentation of their actual intelligence-gathering
> capabilities.
>
> after all, you never know when you'll have to recover data from an
> "erased" hard drive which used to belong to a "terrorist", and if it
> becomes a verified fact that a single pass with "dd" is NOT secure
> enough to prevent them from recovering the data, the bad guys will use
> something stronger.
>
> look at it this way- you state that the government is telling the
> public that one pass with "dd" is good enough, but the fact is that
> NIST 800-88 (the federal standard for data sanitization) doesn't
> mention "dd" as an approved method of securely deleting data (although
> to be fair, it may be that they just haven't gotten around to changing
> it yet.)
>
> http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
>
> list of NIST special publications (some interesting things here, all
> paid for by our tax dollars...)
>
> http://csrc.nist.gov/publications/PubsSPs.html
>
> personally speaking, i tend to place a little bit more faith in the
> procedures that the gummint(tm) uses to protect their own data, than
> what they tell the sheeple is okay to use. so when/if they change NIST
> 800-88, i'll look at changing my opinion then.

And the other thing is, speaking just for myself, by the time I have a hard 
disk leave my family, one of two things has happened:

1) The hard disk has problems
2) The hard disk is hopelessly obsolete (for instance, it's less than 10GB in 
2008)

In either of those cases, I have absolutely no philosophical problem with 
getting my 32 ounce hammer, bringing the drive out to the driveway, and 
smashing it til there's no platter piece more than a square centimeter.

As a practical matter, I think every drive that's left this house was either 
broken or less than 3GB.

Obviously, a big business would operate in a completely different manner, and 
would need to either sell old machines or return them to the lessor. Either 
way, the 32 oz hammer is not a solution.

Personally, if I were going to depend on dd, I'd dd /dev/urandom onto it to 
make more analog noise, and I'd do it at least 10 times.

STeveT

Steve Litt
Author: Universal Troubleshooting Process books and courseware
http://www.troubleshooters.com/