Re: Consequences of not really understanding

Subject: Re: Consequences of not really understanding
From: Sandy Harris <sandy -at- storm -dot- ca>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Mon, 17 Dec 2001 13:52:15 -0500

Stan Schwartz wrote:
> >Here in the UK, the Navy have such faith in the technology for wiping
> >hard drives that on one job I did in the 80s they paid to have the
> >drives smashed with a large hammer when the job was done :-)

There actually is a US DOD standard for wiping drives. I once had a copy,
and wrote a C program that implemented it for single files.

That standard is only applied for some security levels. Higher levels
require physical destruction of the drive.

> With the right software and patience, data can be recovered, intact,
> after three overwrites.

See Peter Gutmann's page:

Among other things, it has a Usenix paper of his that is the standard
reference on such data recovery, papers pointing out flaws in Norton
file encryption, and an enormous collection of crypto links.

> The more regular the overwrite pattern
> (10101010... as opposed to something more 'random' like 28472849...)
> the easier it is to filter out.

The standard I saw required at least three overwrites. one with all-1s,
one all 0s, one with random data. That is not enough to stop Gutmann's
attacks, but I read that standard years ago and it may have changed.

Be a published author! iUniverse gives you: a high-quality paperback, a
custom cover design, and distribution to 25,000 retailers. And it's
affordable. Join our almost 10,000 published authors today.

Your monthly sponsorship message here reaches more than
5000 technical writers, providing 2,500,000+ monthly impressions.
Contact Eric (ejray -at- raycomm -dot- com) for details and availability.

You are currently subscribed to techwr-l as: archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit for more resources and info.

RE: Consequences of not really understanding: From: Damien Braniff
RE: Consequences of not really understanding: From: Stan Schwartz

Previous by Author: Re: Specialize or Die?
Next by Author: Re: Users vs. usage
Previous by Thread: RE: Consequences of not really understanding
Next by Thread: RE: Consequences of not really understanding

What this post helpful? Share it with friends and colleagues:

Sponsored Ads