Peter's paper is an interesting overview of data recovery technology. He does conclude that his 35 write regiment will overwrite all signals on hard disk media. It would seem that performing the 35 writes multiple times would yield an securely erased drive. Yet he clearly is not an expert in data recovery, is organizing others research, and does not provide evidence or tests for his postulates such as the need for a good PRNG. It would be quite interesting to send a disk off to a data recovery company after running through Peter's method with perhaps different parts of the disk treated differently. Also, the section on RAM talks about data persistance but does not cover recovery methods other than SRAM power up bias. Nor is the RAM section referenced. RAM is so active that it would seem little pertinent data could be recovered if any. So, in spite of not being an expert myself I am not convinced that any very well funded entity can recover data that has been overwritten an arbitrarily large number of times. Of course the relative value of my personal data is low and my level of paranoia follows. One can not be called reactionary by recommending a "no-trust" policy. Reading the paper reminds me how long ago it was that I studied the physics of microelectronic devices. Yow!
Bill Frantz (frantz@netcom.com) said At 8:05 PM -0800 12/9/96, John Fricker wrote:
Though, technically, no disk can be securely erased, my program,
Sure it can. Ten overwrites will rendered remnant data obscure. So says the electron microscope waving data recovery experts anyway.
You should really check out Peter Gutmann's paper in the 1996 Usenix Security Conference Proceedings. After reading it, I think you will come to the conclusion that the only secure data destruction technique, against a well-funded attacker, is destruction of the disk. I like thermite myself.
------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA
--j --------------------------------------------------------------------------------- ------------------------ | John Fricker (jfricker@vertexgroup.com) | -random notes- | My PGP public key is available by sending | me email with subject "send pgp key". | www.Program.com is a good programmer web site. -------------------------------------------------------------------------------------------------------- -