On Aug 21, 2008, at 12:10 AM, Robert J. Hansen wrote:
I can only speak for myself here, but I strongly suspect Werner,
David,
Mark and everyone else who's been chiming in will agree -- we are not
talking about total destruction of hard drives as something you should
want to do.
We're talking about total destruction of hard drives as the _only
realistic way to scrub data._
I more or less agree with this, except I'd add the qualifier that it's
the only realistic way to completely scrub data with a perfect (or
close enough to perfect such that any difference is irrelevant)
guarantee of success. Basically I'm adding a "perfect" and a
"guarantee". There are other ways to scrub data, and whether they are
effective in practice depends on who the adversary is. An adversary
who can merely download and run an undelete program is very different
from an adversary with an entire computer forensics laboratory (and
budget to match), and there are more people with undelete programs out
there then there are forensics labs.
I can't speak for the dozen or more shred programs that can be
downloaded from the net. (I'm sure many of them are garbage - the
trick is knowing which ones). For many adversaries, a good shred
program is effective. Just because it isn't effective against all
adversaries, doesn't mean that it isn't effective against some.
All that said, I don't really use disk or file shredding software.
When I buy a drive, I use it until it dies and then I destroy it.
Disks are cheap and last for years. Plus, shredding a multi-hundred-
gigabyte disk can take days and hitting a drive with a hammer takes
minutes. Plus again, given that I use the drive until it dies, it may
not even be possible to shred.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
