I am getting more confused all of the time. I have read that it is not true that most programs can truly delete with one pass only. I have read that only the Gutmann algorithm is truly secure against Forensic Hardware recovery techniques. It is a VERY LONG process of over 35 writes.
What is the real truth here. It seems that incineration (obviously I won't do that ) is the only truly secure method?
Gil <w0m...@gmail.com> wrote: > I am getting more confused all of the time. I have read that it is not > true that most programs can truly delete with one pass only. I have > read that only the Gutmann algorithm is truly secure against Forensic > Hardware recovery techniques. > It is a VERY LONG process of over 35 writes.
Mr. Gutmann's analysis is questionable to some extent. Experts say that in practice two or three overwrites with arbitrary data (which doesn't need to be random or alternating bit patterns) should suffice. Also consider that there are no experimental proofs, which would show that Mr. Gutmann's recovery method works at all.
> What is the real truth here. It seems that incineration (obviously I > won't do that ) is the only truly secure method?
Yes. There can always be physical data trails in or near the hard disk, which we haven't discovered yet; or maybe someone finds out that in practice Mr. Gutmann's conjecture is much worse than he thought. Maybe even a hundred overwrites is not enough.
So in my opinion, the best method is not to let any plaintext data into the hard disk in the first place, i.e. use encryption. If you can't (which is unlikely) and you want to make 100% sure, destruction is the only method, if you can afford it. If "adequate security" is enough for you, overwrite three or four times. That should be enough.
>> I am getting more confused all of the time. I have read that it is not >> true that most programs can truly delete with one pass only. I have >> read that only the Gutmann algorithm is truly secure against Forensic >> Hardware recovery techniques. >> It is a VERY LONG process of over 35 writes.
>Mr. Gutmann's analysis is questionable to some extent. Experts say that >in practice two or three overwrites with arbitrary data (which doesn't >need to be random or alternating bit patterns) should suffice. Also >consider that there are no experimental proofs, which would show that >Mr. Gutmann's recovery method works at all.
>> What is the real truth here. It seems that incineration (obviously I >> won't do that ) is the only truly secure method?
>Yes. There can always be physical data trails in or near the hard disk, >which we haven't discovered yet; or maybe someone finds out that in >practice Mr. Gutmann's conjecture is much worse than he thought. Maybe >even a hundred overwrites is not enough.
>So in my opinion, the best method is not to let any plaintext data into >the hard disk in the first place, i.e. use encryption. If you can't >(which is unlikely) and you want to make 100% sure, destruction is the >only method, if you can afford it. If "adequate security" is enough for >you, overwrite three or four times. That should be enough.
>Greets, >Ertugrul.
This is encouraging but unfortunately the program that operates the best only does it once. I guess I could run it three time but that loses the ease of use. I like the design of ShredAgent. It is a device driver that automatically overwrites as you do a delete if you set it to active mode thereby converting Windows delete to a true delete, assuming they are correct that the single overwrite for modern drives is secure. I am not sure if the data written would be the same on a second run ( this is hard since it is already done and you have to run a delete free space to do it which takes about 80 minutes on this drive) so I don't know if it would increase security or not?
>I am getting more confused all of the time. I have read that it is not >true that most programs can truly delete with one pass only. I have >read that only the Gutmann algorithm is truly secure against Forensic >Hardware recovery techniques. >It is a VERY LONG process of over 35 writes.
>What is the real truth here. It seems that incineration (obviously I >won't do that ) is the only truly secure method?
I don't think incineration is necessarily secure. You still might be able to get some of the data. You can, for example, recover information written on paper which is then burned, sometimes just by looking at the ashes if they stayed mostly in one piece.
Here are some better ideas: - Launch it into the sun (possible risk if rocket lands back on Earth instead of going where it should). - Dump it into a blast furnace, where it will be totally melted. - Blow it up with C4, or a small nuke, at a range of 6 inches.
Gordon Burditt wrote: > - Launch it into the sun (possible risk if rocket lands back on Earth > instead of going where it should). > - Dump it into a blast furnace, where it will be totally melted. > - Blow it up with C4, or a small nuke, at a range of 6 inches.
Gil wrote: >I am getting more confused all of the time. I have read that it is not >true that most programs can truly delete with one pass only. I have >read that only the Gutmann algorithm is truly secure against Forensic >Hardware recovery techniques. >It is a VERY LONG process of over 35 writes.
>What is the real truth here. It seems that incineration (obviously I >won't do that ) is the only truly secure method?
Who is the attacker? Some thief who stole your laptop? You local police? Those types of attacks don't need the amount of security that, say, Osama Bin laden needs to defeat the best efforts of the NSA.
Gil <w0m...@gmail.com> wrote: > I like the design of ShredAgent. It is a device driver that > automatically overwrites as you do a delete if you set it to active > mode thereby converting Windows delete to a true delete, assuming they > are correct that the single overwrite for modern drives is secure. I > am not sure if the data written would be the same on a second run ( > this is hard since it is already done and you have to run a delete > free space to do it which takes about 80 minutes on this drive) so I > don't know if it would increase security or not?
I'm sure that it would be easy to add consistent shredding capabilities to existing filesystem drivers, which overwrite file fragments, when moved or deleted, such that a file is destroyed with guarantee, when deleted. It would be slow as hell, but a wonderful feature for some people, although I would still prefer encryption.
On Fri, 18 Jul 2008 23:04:55 +0000, m...@privacy.net wrote:
>Gil wrote:
>>I am getting more confused all of the time. I have read that it is not >>true that most programs can truly delete with one pass only. I have >>read that only the Gutmann algorithm is truly secure against Forensic >>Hardware recovery techniques. >>It is a VERY LONG process of over 35 writes.
>>What is the real truth here. It seems that incineration (obviously I >>won't do that ) is the only truly secure method?
>Who is the attacker? Some thief who stole your laptop? You local >police? Those types of attacks don't need the amount of security >that, say, Osama Bin laden needs to defeat the best efforts of the >NSA.
Actually, the biggest problem is knowing what files to delete if you are not using system wide encryption and knowing that there is no agency monitoring the radiation that escapes an active system. There is a huge amount of data around in temporary caches that must be destroyed.
On Sun, 20 Jul 2008 20:04:22 -0500, Gil <w0m...@gmail.com> wrote: >On Fri, 18 Jul 2008 23:04:55 +0000, m...@privacy.net wrote:
>>Gil wrote:
>>>I am getting more confused all of the time. I have read that it is not >>>true that most programs can truly delete with one pass only. I have >>>read that only the Gutmann algorithm is truly secure against Forensic >>>Hardware recovery techniques. >>>It is a VERY LONG process of over 35 writes.
>>>What is the real truth here. It seems that incineration (obviously I >>>won't do that ) is the only truly secure method?
>>Who is the attacker? Some thief who stole your laptop? You local >>police? Those types of attacks don't need the amount of security >>that, say, Osama Bin laden needs to defeat the best efforts of the >>NSA.
>Actually, the biggest problem is knowing what files to delete if you >are not using system wide encryption and knowing that there is no >agency monitoring the radiation that escapes an active system. >There is a huge amount of data around in temporary caches that must be >destroyed.
There is some truth to that but even encryption is not going to stop a key logger or a radiation detector that logs keystrokes. The keystroke is clear text before encryption so maybe I need a Faraday shield room, nahhh :-)
