On Sat, 16 Aug 2003 06:40:16 +0200, Ansgar Wiechers <bugtraqat_private> said: > to be a different answers, I was wondering: has there ever been proof of > recovering data (overwritten just once with zeroes or arbitrary values) > via software? I mean real recovery not just restoring one bit and > another. A single wipe with zeros is probably enough to stop *most* software recovery attempts. However, this comes with two *HUGE* gotchas: 1) Quite often, "just one bit and another" is sufficient for the adversary's needs - they might get lucky, or total recovery isn't needed (for instance, recovering 2 or 3 identifiable blocks of a 200M file may be sufficient to prove that the file *was* once on the system for an intellectual-property theft case....) 2) A single pass of all-zeros is almost certainly *NOT* sufficient for protecting against a hardware-based attack, due to residual magnetism issues. And the hardware to do this is *NOT* that expensive (I've seen budgets for do-it-yourself for around $5K). Given that multiple-pass overwriting isn't THAT much more expensive, and raises the problem into a "need the budget of a large TLA to mount a recovery", I can't recommend single-pass wiping for anything worth wiping. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 18 2003 - 11:18:59 PDT