| 1 |
On 2 Feb 2006, at 11:28, Alexander Skwar wrote: |
| 2 |
>> |
| 3 |
>> This is not what normally (or at least, _always_) happens when you |
| 4 |
>> format a hard-drive. |
| 5 |
> |
| 6 |
> Well, depends on the definition of "format". If you |
| 7 |
> define format as "overwrite partition table", than |
| 8 |
> you're right. But that's hardly what I'd call "format". |
| 9 |
|
| 10 |
I was referring to the definition of "format" generally used by the |
| 11 |
authors & suppliers of formatting utilities. If you format a disk in |
| 12 |
Windows, or certainly if you "quick format" it, it doesn't run a |
| 13 |
quick call to `dd if=/dev/zero of=/de/hdX`; it merely overwrites the |
| 14 |
partition table so the data IS often recoverable after a format. |
| 15 |
|
| 16 |
If you were merely formatting a disk for your own use, had no |
| 17 |
expectation that it would fall into anyone else's hands, and were in |
| 18 |
a hurry to use the disk with its new filesystem on it, you would |
| 19 |
surely be wasting time were you to insist on blanking every single |
| 20 |
bit on the device - it's simply not necessary. |
| 21 |
|
| 22 |
I am not qualified to comment on recovery of data from a disk that |
| 23 |
has been wiped with zeros in the way you describe, nor from one which |
| 24 |
has been shredded properly with repeated iterations of random & non- |
| 25 |
random bits, but there certainly does seem to be a lot of hearsay on |
| 26 |
the subject. I would consider the a disk that's been comprehensively |
| 27 |
overwritten once to be unrecoverable from the practical perspective |
| 28 |
of the original discussion (a mate in the pub) but do consider a disk |
| 29 |
that's been over-written with shred to be unrecoverable as far as my |
| 30 |
customers' commercial data is concerned. |
| 31 |
|
| 32 |
Whilst writing this I looked up `info shred` which claims: |
| 33 |
|
| 34 |
If you have sensitive data, you may want to be sure that recovery |
| 35 |
is not possible by actually overwriting the file with non-sensitive |
| 36 |
data. However, even after doing that, it is possible to take the |
| 37 |
disk back to a laboratory and use a lot of sensitive (and expensive) |
| 38 |
equipment to look for the faint "echoes" of the original data |
| 39 |
underneath the overwritten data. If the data has only been |
| 40 |
overwritten |
| 41 |
once, it's not even that hard. |
| 42 |
|
| 43 |
The best way to remove something irretrievably is to destroy the |
| 44 |
media it's on with acid, melt it down, or the like. |
| 45 |
|
| 46 |
The info page references Peter Gutmann's paper `Secure Deletion of |
| 47 |
Data from Magnetic and Solid-State Memory'. I'm not qualified to |
| 48 |
assess this paper fully, and hard-drives have progressed considerably |
| 49 |
in the last decade, but my naive reading of the conclusion seems to |
| 50 |
support the suggestion that a single write may not be sufficient to |
| 51 |
thwart a determined attacker: |
| 52 |
|
| 53 |
Data overwritten once or twice may be recovered by subtracting what |
| 54 |
is expected to be read from a storage location from what is actually |
| 55 |
read... it is effectively impossible to sanitise storage locations |
| 56 |
by simple overwriting them, no matter how many overwrite passes are |
| 57 |
made or what data patterns are written. However by using the |
| 58 |
relatively simple methods presented in this paper the task of an |
| 59 |
attacker can be made significantly more difficult, if not |
| 60 |
prohibitively |
| 61 |
expensive. |
| 62 |
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html which |
| 63 |
concludes: |
| 64 |
|
| 65 |
I state once again that I'm not really qualified to comment on the |
| 66 |
subject to this depth, so I offer these references merely for your |
| 67 |
perusal. I would be grateful if you refrained in any future responses |
| 68 |
from the sneering manner you have employed in those to date. |
| 69 |
|
| 70 |
Stroller. |
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
-- |
| 75 |
gentoo-user@g.o mailing list |
Archives