RE: [heise online UK] Secure deletion: a single overwrite will do it

[Dave Kleiman]

On Mon, 19 Jan 2009, Stefan Kelm wrote:
 ...it has to be overwritten completely, sector
 by sector. Although this takes time, it costs nothing: the dd command in
 any Linux distribution will do the job perfectly.

Note quite perfectly, and not nearly as fast as the built-in option (see below).

On Mon, 20 Jan 2009, Jason wrote:
I agree in general, although you still have to watch out for reserve tracks 
(search on this page).All hard disks have reserved sectors, which are 
used automatically by the 
drive logic if there is a defect in the media.:

Yes the main areas you are referring to are known as the P-List (Primary 
Defects List – manufacture defect info that does not change) G-List (Grown 
Defects Lists – sector relocation table). You can only access the P-List with 
special commands and tools. 

However, you can wipe the G-List are if you do it outside of an OS (or a tool 
that can access the system area), since the OS knows nothing of these sectors. 
The easiest (possible the best because of speed) way to accomplish this in 
modern ATA hard drives (2001 forward) is with the built-in Secure Erase 
program. Conveniently placed there for us by Recording Research (CMRR) headed 
by Gordon Hughes, Associate Director of CMRR, USSD on the Secure Erase 
Initiative.

At the ANSI T-13 Committee meeting in 2004, Gordon described the differences 
between block erase as described in government document DoD2550 and Secure 
Erase. Unlike block level erase Secure Erase also overwrites reassigned blocks 
and can be up to eight times faster (per CMRR tests).
In addition the enhanced SE command qualifies for Federal Government secret 
data classification erasure. 

You can download a DOS-based utility HDDerase that securely erases all data on 
ATA hard disk drives via the internal secure erase command. 
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml


And yes, I am the same Dave Kleiman from the paper.



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow

[Peter Gutmann]

Jon Callas j...@callas.org writes:

I've always been pleased with your answer to Question J, so I'll say what
we're doing at PGP.

That wasn't really meant as a compliment :-).  The problem is that by leaping
on things the instant they appear you end up having to support a menagerie of
wierdo algorithms and mechanisms that the industry as a whole never adopts.
How many crypto libraries that could be used to implement the OpenPGP spec
actually support Haval, or Tiger, or Twofish, or SAFER-SK128?  The result of
this too-quick adoption has been a bunch of gaps in newer versions of the spec
(look for a range of algorithm IDs marked as reserved) where algorithms
adopted too quickly were removed again when they failed to gain general (or
any) acceptance.

Another concern with too-quick adoption is the potential for moving to an
algorithm that's later found to be flawed.  This hasn't happened yet for
cryptographer-designed algorithms and mechanisms (as opposed to WEP et al) but
it's quite possible that some new algorithm introduced at Crypto n is shown to
reduce to rot-13 in a paper published in Crypto n+1.  I use an informal five-
year rule that I won't make an algorithm a default (i.e. enabled without
explicit user action) until it's had active attention paid to it for at least
five years, where active attention means not so much published in an obscure
conference somewhere but required in an industry spec or something similar
that results in active scrutiny of its security.  (Actually it's not quite
that simple, it's more of a balancing act and the pace depends on whether
there are credible threats to the current default algorithm or not).

In crypto, new doesn't necessarily mean better, it can also mean
riskier.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com