On Aug 21, 2008, at 5:08 PM, Faramir wrote:
> Chris De Young wrote:
>> Robert J. Hansen wrote:
>>> Faramir wrote:
>>>> let's say I just want to avoid recovery software like "get data back"
>>>> being able to recover a file. Is there a reliable way to do it
>>>> without going to "extreme" solutions?
>>> No.
>>
>> It's not clear to me why this is the case; it seems to me that if you're only worried about access that uses the drive's own process for getting bits off the platters, then a simple overwrite (and only once) would be sufficient. If you're going to try to read the drive using the drive's own read/write heads and firmware (which all of these software applications do, right?), the most
>> recently written bits are the only ones that should be available.
>
> That is what I am no longer sure I can do; I mean, it seems I can
> tell the disk "overwrite that file", and the disk can write somewhere
> else, not over the sectors containing the file I want to "destroy" (at
> least, that is what I have understood from this thread). But maybe there is some app capable of telling the disk "write this random pattern right
> over the place where the original file is, and not in other places".

That's exactly the problem - given modern disks, and modern filesystems, there is not a perfect guarantee that you'll hit the same disk blocks that the original file landed on. The disk could invisibly remap a block out from under you at any time (it does this automatically when the disk firmware detects a bad block), the filesystem could be doing journaling games, etc, etc. A program running on the computer the disk is attached to can't really do much about disk block remapping since it doesn't see this. It always asks for (for example) block 100. If the file was written when block 100 pointed to block 100, but by the time the overwrite happens, block 100 has become 12345, then the computer doesn't know it needs to overwrite both 100 and 12345 to get all traces of the file.

> Well, the original question did not include any context (and I was
> not the one asking the question), so it was very reasonable to talk
> about physical destruction of the drive, but since I am sure some people are not concerned about the NSA or KGB trying to recover the info, just about low-budget people, I added that context... something like "I want to be
> sure my roommate won't be able to recover the picture portraying my
> girlfriend naked, which I just deleted" (it is just an imaginary
> context, I don't have that problem).

Let's simplify things this way: you have regular people and forensics lab people. You have single file shredding, and whole-disk shredding. Regular people only have access to the disk that a computer can have. That is, they are reading the disk using the disk interface. Forensics labs can do things like remove the platters and go for the electron microscopes. Single file shredding is just that - you pick a particular file on the disk and shred it. Other files are not affected. Whole-disk shredding shreds the whole disk at a block level, and the entire contents of the disk are lost. The disk would need a reformat / re-mkfs before using it again. This is a simplification, of course, but it's a reasonable one.

We've discussed forensics lab stuff elsewhere in this thread, so I'll skip it here. That leaves only two cases:

Regular people + single file shred: This may or may not be safe depending on whether the filesystem you are using overwrites in place or not. Many modern filesystems (Reiser, XFS) do not necessarily overwrite in place. More primitive filesystems (like the FAT FS that is used on many external disks) do overwrite in place. Linux systems most commonly use ext3, and that may or may not overwrite in place, depending on how it is configured. Then there is the fact that many programs create temp files here and there which wouldn't get shredded. On top of that there is the fact that many programs save files in ways that can defeat shredding. Bottom line: it can be safe, but you have to really know details of your OS and what programs generate the files you want to shred. In practice, it's a little iffy.

Regular people + whole disk: This is pretty safe. The disk might be doing magic underneath you, but given that the attacker is only able to read the disk via the disk interface itself, the magic is not visible (or rather, it is equally visible or invisible to both you and your attacker). Any temp files are blown away just like everything else is.

Bottom line is, yes, you can protect yourself from your roommate with shredding (assuming your roommate doesn't work for a computer forensics lab). Of course, you'd better make sure your shred program is a good one. I've seen some pretty silly bugs that make some of them not actually protect you particularly well...

David
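An added illustration, not part of David's message or of any code posted in this thread: a small Python model of the two attacker views he describes (undelete software that reads every block through the disk interface, and a lab that reads the platters directly), on top of a block device that can silently remap a sector to a spare and a file system that either overwrites in place or allocates fresh blocks on every write. The block counts, the file name and the marker content are constructed assumptions; nothing here talks to a real disk.

```python
"""Toy model of the two attacker views discussed above: a block device that
can silently remap a logical block to a spare, and a file system that either
overwrites in place or allocates fresh blocks on every write (the
copy-on-write / journaling behaviour the thread warns about).

Everything here is constructed for illustration; it is not real disk or
file-system code, and the block/spare counts are arbitrary assumptions.
"""
import os

BLOCK_SIZE = 32
# Constructed sample content: a recognisable marker that fits in one block.
MARKER = b"SECRET-PHOTO-DATA"


class BlockDevice:
    """Logical block addresses (what the OS sees) over physical blocks."""

    def __init__(self, logical_blocks, spare_blocks):
        self.physical = [bytes(BLOCK_SIZE) for _ in range(logical_blocks + spare_blocks)]
        self.lmap = list(range(logical_blocks))   # logical -> physical index
        self.next_spare = logical_blocks

    def read(self, lba):
        return self.physical[self.lmap[lba]]

    def write(self, lba, data):
        self.physical[self.lmap[lba]] = data

    def remap(self, lba):
        """Firmware declares the sector bad: copy it to a spare and point the
        logical block there. The old physical copy is never touched again."""
        self.physical[self.next_spare] = self.physical[self.lmap[lba]]
        self.lmap[lba] = self.next_spare
        self.next_spare += 1

    def logical_scan(self, needle):
        """What undelete software sees: every block reachable via the interface."""
        return any(needle in self.read(lba) for lba in range(len(self.lmap)))

    def physical_scan(self, needle):
        """What a lab reading the platters sees: every physical block, spares included."""
        return any(needle in blk for blk in self.physical)


class FileSystem:
    """Minimal allocator: in_place=True rewrites a file's existing blocks,
    in_place=False allocates new blocks and frees the old ones (CoW style)."""

    def __init__(self, dev, in_place):
        self.dev, self.in_place = dev, in_place
        self.files = {}                          # name -> list of LBAs
        self.free = list(range(len(dev.lmap)))

    def write(self, name, data):
        chunks = [data[i:i + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
                  for i in range(0, len(data), BLOCK_SIZE)]
        old = self.files.get(name, [])
        if self.in_place and len(old) == len(chunks):
            blocks = old                         # overwrite the same LBAs
        else:
            blocks = [self.free.pop(0) for _ in chunks]
            self.free.extend(old)                # old blocks freed, not cleared
        for lba, chunk in zip(blocks, chunks):
            self.dev.write(lba, chunk)
        self.files[name] = blocks

    def shred(self, name, passes=3):
        """Single-file shred done the only way an application can: overwrite
        the file through the file system, then unlink it."""
        size = len(self.files[name]) * BLOCK_SIZE
        for _ in range(passes):
            self.write(name, os.urandom(size))
        self.free.extend(self.files.pop(name))


def wipe_whole_disk(dev):
    """Whole-disk shred: overwrite every logical block through the interface."""
    for lba in range(len(dev.lmap)):
        dev.write(lba, os.urandom(BLOCK_SIZE))


def scenario(in_place, remap_before_shred, whole_disk):
    """Run one case and report what each attacker can still find."""
    dev = BlockDevice(logical_blocks=32, spare_blocks=4)
    fs = FileSystem(dev, in_place=in_place)
    fs.write("photo.jpg", MARKER.ljust(BLOCK_SIZE, b"-") * 2)  # two blocks, marker in each
    if remap_before_shred:
        dev.remap(fs.files["photo.jpg"][0])  # firmware remaps the file's first block
    fs.shred("photo.jpg")
    if whole_disk:
        wipe_whole_disk(dev)
    return {"interface": dev.logical_scan(MARKER),
            "platters": dev.physical_scan(MARKER)}


if __name__ == "__main__":
    for args in [(True, False, False), (False, False, False),
                 (True, True, False), (False, True, True)]:
        print(dict(zip(("in_place", "remap", "whole_disk"), args)), scenario(*args))
```

Running the four cases reproduces the thread's conclusions: an in-place file system with no remapping leaves nothing for either attacker; a copy-on-write file system leaves the original blocks untouched, so even interface-level undelete software finds the marker; a remapped sector is invisible through the interface but still sits on the platters; and a whole-disk wipe clears everything the interface can reach regardless of file system, while the remapped-out physical copy remains for a lab.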


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
