Re: Deleting data from a HP 3000 disk drives
- From: Stan Sieler <sieler@xxxxxxxxxxx>
- Date: Thu, 17 May 2007 10:22:40 -0700
Re:
Option "c" is only for clearing, not sanitizing.
Not true, according to NIST Special Publication 800-88 "Guidelines
For Media Sanitization":
Clearing information is a level of media sanitization
I think that only confuses the issue. If you are worrying about DoD
standards and have reason to, you had better know the difference.
I was merely correcting your error above, by quoting from the US government document.
Now, some people (including the above document) distinguish between
"clearing" and "purging":
Purging information is a media sanitization process that protects the
confidentiality of information against a laboratory attack. For some
media, clearing media would not suffice for purging. However, for ATA disk
drives manufactured after 2001 (over 15 GB) the terms clearing and purging
have converged.
Unless your ATA disk has a firmware secure wipe function, this makes
no sense at all. If anything, people are less aware that chunks of
sensitive data may be lurking on a well used drive that are out of
sight of everything but the drive's firmware, or some low budget spy.
I agree, but take that up with the U.S. government...that was their document I quoted :)
That said, the chances of any user data being in a spared (and now normally
inaccessible) track is slim. The chance that it can be recovered is even slimmer.
Of course, that's still non-zero. But, then, the chance of someone using an electron
microscope to get data off a sledge-hammered disk drive is *also* non-zero.
Short of grinding up the platters (and RAM chips) there is no 100% complete
method of sanitizing any disk drive against *all* odds.
But that's not relevant: if someone is that worried about their data, their other
sanity problems will prevent them from getting that far in life anyway. :)
If we *could* convince every spy/identity-thief to work on trying to
recover data from spared tracks the world would be a MUCH better/safer place!
But, even the dumb ones probably realize that it isn't worth their time/effort...
it's *so* much easier to get data in other ways (trash cans, online hacking,
social engineering), that retrieving data from spared tracks doesn't even make
good science fiction.
BTW, your "low budget spy" is going to be equipped (at best) to read ATA disks, not SCSI disks.
Why? Numbers. (The number of ATA disks in use vs. the number of SCSI disks in use,
and the cost of equipment/software to read ATA disks vs. SCSI disks.)
We can dismiss the "low budget spy" ... besides, they're going to get MUCH better
information by simply swiping a backup tape!
And for the high budget spy, what difference is there in the magnetic
media that eliminates magnetic ghosting in the data?
huh?
In addition to being puzzling as to what you're talking about, that kind
of speculated data recovery is so difficult, so time consuming, and
never shown to have been done in the real world (i.e., outside a
research environment), that discussing that kind of data recovery on this
list is fruitless.
But, such distinction does not mean that "clearing" isn't a method of
sanitizing.
Option "d" does sanitize, but not for the higher levels of security.
"d" is still a method of sanitizing ... it just isn't an acceptable level
for some needs.
Hmmm, isn't that what I just said?
No, what you had said was mischaracterizing information from a U.S. government
report :)
You had implied that the first two options of WipeDisk were not "sanitizing".
I, quite correctly, pointed out (by citing lines from the afore-mentioned paper)
that they were.
Even your "ridiculously toughest" does not erase/clear/sanitize any
spared tracks/sectors, or does it?
nope...no access to that from MPE or HP-UX :(
Well actually, if you know what you are doing, you can issue firmware
commands to the drives themselves. Drives tend to support different
function sets even from the same manufacturer, let alone different
manufacturers. And then there is the problem of getting documentation
on drive firmware, errors in the documentation, and being able to get
the function calls right without trashing too many drives.
precisely....and said in fewer words:
the risk of data being recovered from spared tracks is very low.
Anyone that has $5,000 to $10,000 dollars can get an independent lab
to do an easy data extraction off an "accidentally" erased disk. If
I'd be interested in a quote that would include spared tracks from a SCSI drive.
Of course at some point, the S/N ratio of the magnetic media creates a....
[Interesting discussion of high-tech techniques to extract data from
apparently erased drives deleted ... interesting, but not likely
to be applicable to us]
speaking. This will only continue to get better. Well, until mass
storage is actually kept in a truly binary form and not analog as it
is with magnetic media.
All mass storage ... all storage ... is analog. There is no true binary.
RAM chips store charges or have areas of increased/reduced resistance,
magnetic bubbles have some degree of magnetization, but it's all analog
when you look at the edges :)
Even punched cards are analog ... just ask the Florida election riggers, er, counters :)
If it isn't clear, I think the summary of the thread should be:
There is one choice in disposing of a used disk drive, with
two possible answers:
1) leave it operable
2) leave it inoperable
For both choices, one should ask:
what options do I have to implement my choice,
and what kinds of vulnerabilities exist thereafter?
For each, the vulnerability chart is a standard security pyramid...
the broad base represents most people, the point represents the fewest people.
The higher up the pyramid you go, the more vulnerable your data becomes
(and the more costly it is to extract).
For #1, a one pass write-over produces a security pyramid that excludes
the vast majority of people.
Further,
<ding>
Sorry, my "time's being wasted, get back to real work" buzzer just went off.
--
Stan Sieler
work: www.allegro.com
personal: www.sieler.com/wanted/index.html