Re: Deleting data from a HP 3000 disk drives
- From: Pete Eggers <peter.m.eggers@xxxxxxxxx>
- Date: Thu, 17 May 2007 15:32:15 -0700
On 5/17/07, Stan Sieler <sieler@xxxxxxxxxxx> wrote:
> > > Option "c" is only for clearing, not sanitizing.
> > Not true, according to NIST Special Publication 800-88 "Guidelines
> > For Media Sanitization":
> > Clearing information is a level of media sanitization
> I think that only confuses the issue. If you are worrying about DoD
> standards and have reason to, you had better know the difference.
I was merely correcting your error above, by quoting from the US
> > Now, some people (including the above document) distinguish between
> > "clearing" and "purging":
> > Purging information is a media sanitization process that protects
> > confidentiality of information against a laboratory attack. For
> > media, clearing media would not suffice for purging. However, for
> > drives manufactured after 2001 (over 15 GB) the terms clearing and
> > have converged.
> Unless your ATA disk has a firmware secure wipe function, this makes
> no sense at all. If anything, people are less aware that chunks of
> sensitive data maybe lurking on a well used drive that are out of
> sight of everything but the drives firmware, or some low budget spy.
I agree, but take that up with the U.S. government...that was their
document I quoted :)
That said, the chances of any user data being in a spared (and now
inaccessible) track is slim. The chance that it can be recovered is even
Of course, that still non-zero. But, then, the chance of someone using an
microscope to get data off a sledge-hammered disk drive is *also*
Short of grinding up the platters (and RAM chips) there is no 100%
method of sanitizing any disk drive against *all* odds.
But that's not relevant: if someone is that worried about their data,
sanity problems will prevent them from getting that far in life anyway. :)
If we *could* convince every spy/identity-thief to work on trying to
recover data from spared tracks the world would be a MUCH better/safer
But, even the dumb ones probably realize that it isn't worth their
it's *so* much easier to get data in other ways (trash cans, online
social engineering), that retrieving data from spared tracks doesn't even
good science fiction.
BTW, your "low budget spy" is going to be equipped (at best) to read ATA
disks, not SCSI disks.
Why? Numbers. (The number of ATA disks in use vs. the number of SCSI
disks in use,
and the cost of equipment/software to read ATA disks vs. SCSI disks.)
We can dismiss the "low budget spy" ... besides, they're going to get MUCH
information by simply swiping a backup tape!
> And for the high budget spy, what difference is there in the magnetic
> media that eliminates magnetic ghosting in the data?
In addition to being puzzling as to what you're talking about, that kind
of speculated data recovery is so difficult, so time consuming, and
never shown to have been done in the real world (i.e., outside a
research environment), that discussing that kind of data recovery on this
list is fruitless.
> > But, such distinction does not mean that "clearing" isn't a method of
> > sanitizaing.
> > > Option "d" does sanitize, but not for the higher levels of security.
> > "d" is still a method of sanitizing ... it just isn't an acceptable
> > for some needs.
> Hmmm, isn't that what I just said?
No, what you had said was mischaracterizing information from a U.S.
You had implied that the first two options of WipeDisk were not
I, quite correctly, pointed out (by citing lines from the afore-mentioned
that they were.
> > > Even your "ridiculously toughest" does not erase/clear/sanitize any
> > > sparred tracks/sectors, or does it?
> > nope...no access to that from MPE or HP-UX :(
> Well actually, if you know what you are doing, you can issue firmware
> commands to the drives themselves. Drives tend to support different
> function sets even from the same manufacturer, let alone different
> manufacturers. And then there is the problem of getting documentation
> on drive firmware, errors in the documentation, and being able to get
> the function calls right without trashing too many drives.
precisely....and said in fewer words:
the risk of data being recovered from spared tracks is very low.
> Anyone that has $5,000 to $10,000 dollars can get an independent lab
> to do an easy data extraction off an "accidentally" erased disk. If
I'd be interested in a quote that would include spared tracks from a SCSI
> Of course at some point, the S/N ratio of the magnetic media creates a
[Interesting discussion of high-tech techniques to extract data from
apparently erased drives deleted ... interesting, but not likely
to be applicable to us]
> speaking. This will only continue to get better. Well, until mass
> storage is actually kept in a truly binary form and not analog as it
> is with magnetic media.
All mass storage ... all storage ... is analog. There is no true binary.
RAM chips store charges or have areas of increased/reduced resistance,
magnetic bubbles have some degree of magnetization, but it's all analog
when you look at the edges :)
Even punched cards are analog ... just ask the Florida election riggers,
er, counters :)
If it isn't clear, I think the summary of the thread should be:
There is one choice in disposing of a used disk drive, with
two possible answers:
1) leave it operable
2) leave it inoperable
For both choices, one should ask:
what options to I have to implement my choice,
and what kinds of vulnerabilities exist thereafter?
For each, the vulnerability chart is a standard security pyramid...
the broad base represents most people, the point represents the fewest
The higher up the pyramid you go, the more vulnerable your data becomes
(and the more costly it is to extract).
For #1, a one pass write-over produces a security pyramid that excludes
the vast majority of people.
Sorry, my "time's being wasted, get back to real work" buzzer just went
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
- Prev by Date: CONLOG.pubxl.telesup
- Next by Date: Re: Deleting data from a HP 3000 disk drives
- Previous by thread: Re: Deleting data from a HP 3000 disk drives
- Next by thread: Re: Deleting data from a HP 3000 disk drives