
Re: Some legal trouble with TOR in France



Ringo,

Everything I've read about the Gutmann method suggests your statement
isn't accurate. For example, this is from the DBAN FAQ:

http://dban.sourceforge.net/faq/index.html

[start quote]

Q: Is the Gutmann method the best method [for wiping magnetic hard
drives]?

A: No.

Most of the passes in the Gutmann wipe are designed to flip the bits in
MFM/RLL encoded disks, which is an encoding that modern hard disks do
not use.

In a followup to his paper, Gutmann said that it is unnecessary to run
those passes because you cannot be reasonably certain about how a
modern hard disk stores data on the platter. If the encoding is
unknown, then writing random patterns is your best strategy.

In particular, Gutmann says that "in the time since this paper was
published, some people have treated the 35-pass overwrite technique
described in it more as a kind of voodoo incantation to banish evil
spirits than the result of a technical analysis of drive encoding
techniques. As a result, they advocate applying the voodoo to PRML and
EPRML drives even though it will have no more effect than a simple
scrubbing with random data... For any modern PRML/EPRML drive, a few
passes of random scrubbing is the best you can do".

Read these papers by Peter Gutmann: 

Secure Deletion of Data from Magnetic and Solid-State Memory
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Data Remanence in Semiconductor Devices
http://www.cypherpunks.to/~peter/usenix01.pdf

[end quote]

If you read these papers and others, I think you'll agree that most any
magnetically-stored data is retrievable (even if wiped and/or rewritten
with newer data). It largely depends on how much money one is willing
to spend, the types of resources available, and available time. A local
police department won't have the funds/resources/time to retrieve data
from a well-wiped drive, but large government agencies, if sufficiently
motivated (e.g., to decipher terrorist plans), certainly will.



--- Ringo Kamens <2600denver@xxxxxxxxx> wrote:

> I think you're thinking of Gutmann. It wipes 35 passes but about a
> year ago researchers recovered data past that point. If researchers
> can do it, imagine what the government can do. In addition, there
> could be hardware taps on the machine.
> 
> 
> On 5/13/06, Landorin <Landorin@xxxxxxx> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I don't get it. Why buy a new one anyway? From what I know, any and
> > every data will be lost if you format your hard disk with a safe
> > method (can't remember the name right now but that method keeps
> > writing random data to your entire hard disk to overwrite existing
> > files and it does it for 10 times or more to ensure all old data is
> > lost)?
> >
> > Sincerely,
> > Landorin
> >
> >
> > Eric H. Jung wrote:
> > > If you can't afford a new hard drive, be sure to wipe it using
> > > DBAN
> > > http://dban.sourceforge.net/
> > > (open-source, free)
> > >
> > >
> > > --- Ringo Kamens <2600denver@xxxxxxxxx> wrote:
> > >
> > >> Chances are it would be internal and couldn't hold much data. I
> > >> really think you should sell your rig and buy a used one that's
> > >> comparable and cut the losses. It's too risky to keep it.
> > >>
> > >> On 5/13/06, Olivier Barbut <olivier.barbut@xxxxxxx> wrote:
> > >>> Thanks for the advice. I will for sure reformat everything and
> > >>> reinstall linux when I get time for this. Changing hard drives
> > >>> would be nice but I have not enough money for this right now.
> > >>>
> > >>> Do you know what a hard drive tap could look like?
> > >>>> As for the tor server, I suggest that you completely wipe
> > >>>> those drives securely, reformat, and reinstall everything. The
> > >>>> best thing to do would be to sell those drives and buy new ones
> > >>>> because it could be that they put taps in them. Also, they
> > >>>> could have installed a keylogger. If I were you, I wouldn't use
> > >>>> any of that equipment again. At the very minimum, you need to
> > >>>> reinstall windows/linux/etc. and tor with a reformat because
> > >>>> they probably put in a trojaned version of tor.
> > >
> > >
> >
> >
> > - --
> > Accelerate cancer research with your PC:
> > http://www.chem.ox.ac.uk/curecancer.html
> >
> > GPG key ID: 4096R/E9FD5518
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.1 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > -----END PGP SIGNATURE-----
> >
> >
>