Re: Data recovery (was: Re: SETI@home (ca. 2000) servers heading to salvage)

[Ethan O'Toole via cctalk]

For those in the know, how much success - assuming a "money is no object" 
approach - do data recovery companies have in retrieving data from drives 
that have a) been overwritten with zeros using dd or similar, and b) been 
overwritten with random data via a more comprehensive tool?

cheers,
Jules


I am pretty sure someone had a bounty out there, they give you a hard 
drive that had a phase on it that is stored linear on the platter. They 
write over it once with zeros. If you can recover the phrase then you win 
the bounty.


It's unclaimed.

Everyone talks about some theoretical ideas but no proof of it being done. 
My understanding is once you erase the data it's difficult to tell the 
difference between something recently erased and the noise floor. This was 
last time I looked into this which was a while ago. Maybe nation state 
has some ability but you or your customers data isn't worth the hassle.


Prior employer would just have hundreds/thousands of pounds of hard drives 
ground up though. To eliminate any risk of data leakage. I am sure the 
same is done with SSDs by other companies and the US Government. 
Probably grinding up $9000 8TB SSDs all day.




--
: Ethan O'Toole

Re: Data recovery (was: Re: SETI@home (ca. 2000) servers heading to salvage)

[Paul Koning via cctalk]

> On Apr 4, 2022, at 10:55 AM, Warner Losh via cctalk  
> wrote:
> 
> That's what a sanitize operation does. It forgets the key and reformats the
> metadata with a new key.

Yes, but the devil is in the details.  For example, for the SSD case, it is 
necessary verify that the flash block that previously held the key information 
has been explicitly erased (successfully) and not merely put on the free list.  
That's a detail I once pried out of a manufacturer, insisting they were 
required to answer in order to get the business.

paul

Re: Data recovery (was: Re: SETI@home (ca. 2000) servers heading to salvage)

[Warner Losh via cctalk]

That's what a sanitize operation does. It forgets the key and reformats the
metadata with a new key.

Also, with SSDs, any erase block that's erased is going to not have any
data that's recoverable.
First, the erase voltage is huge, moving the cell to a negative
voltage (the only abode that's
negative is all 1's). Next, the microprocessor in the NAND dies are going
to 'pre-program' the
abodes to a uniform negative voltage that's easier to program when you
start putting data on
the ages. Finally, most (nearly all) NAND dies have randomization circuitry
that randomizes the
data after you send it to the drive (or whitens it) that you'll need the
psuedorandom seed to read
it back coherently.

The problem, though, comes with erase blocks that have broken and no longer
erase. These
retired blocks can contain data still, but given the
randomization/whitening and/or some
global encryption key, the data can be difficult or impossible to
meaningfully recover, even
when other pathologies don't degrade the block more (not least is aging: if
the block was
retired a long time ago, the NAND cells, being tiny capacitors, will bleed
the charge off to
the erased state +/-).

As with most forms of data destruction, putting a metal spike through the
NAND dies
themselves would likely suffice :) But it is a tad destructive

Warner

On Mon, Apr 4, 2022 at 8:34 AM Chris Zach via cctalk 
wrote:

> Good data Paul! SSD's are a different beast, if you're going to put data
> on them that you do not want recovered I would recommend encrypting the
> drive before using it, then when done delete/destroy the key. That
> should turn your drive into a useless (but format-able) chunk of silicon.
>
> C
>
> On 4/4/2022 8:28 AM, Paul Koning via cctalk wrote:
> > SSDs are a different story entirely because there you don't write over
> the actual data; instead a write updates internal metadata saying where the
> most recent version of block number xyz lives.  So, given that you tend to
> have a fair amount (10 or 20 percent if not more) of "spare space" in the
> SSD, previous data are likely to be hanging around.  I suspect if you write
> long enough you could traverse all that, but how to do that depends on the
> internals of the firmware.  That's likely to be confidential and may not
> even be reliably known.
> >
> > There are SSD SEDs.  If designed correctly those would give you
> cryptographically strong security and "instant erase".  Not all disk
> designers know how to do these designs correctly.  If I needed an SED (of
> any kind) I'd insist on a detailed disclosure of its keying and key
> management.  Prying that out of manyfacturers is hard.  I've done it, but
> it may be that my employer's name and unit volume was a factor.
>

Re: Data recovery (was: Re: SETI@home (ca. 2000) servers heading to salvage)

[Jonathan Chapman via cctalk]

> SSD's are a different beast, if you're going to put data
> on them that you do not want recovered I would recommend encrypting the
> drive before using it, then when done delete/destroy the key. That
> should turn your drive into a useless (but format-able) chunk of silicon.

That's our take on it. SSDs get FDE or they don't leave. Secure Erase is nice 
for blowing away old formatting/partitioning, but we're not trusting it on 
sensitive customer data.

Thanks,
Jonathan

Re: Data recovery (was: Re: SETI@home (ca. 2000) servers heading to salvage)

[Chris Zach via cctalk]

Good data Paul! SSD's are a different beast, if you're going to put data 
on them that you do not want recovered I would recommend encrypting the 
drive before using it, then when done delete/destroy the key. That 
should turn your drive into a useless (but format-able) chunk of silicon.


C

On 4/4/2022 8:28 AM, Paul Koning via cctalk wrote:

SSDs are a different story entirely because there you don't write over the actual data; 
instead a write updates internal metadata saying where the most recent version of block 
number xyz lives.  So, given that you tend to have a fair amount (10 or 20 percent if not 
more) of "spare space" in the SSD, previous data are likely to be hanging 
around.  I suspect if you write long enough you could traverse all that, but how to do 
that depends on the internals of the firmware.  That's likely to be confidential and may 
not even be reliably known.

There are SSD SEDs.  If designed correctly those would give you cryptographically strong 
security and "instant erase".  Not all disk designers know how to do these 
designs correctly.  If I needed an SED (of any kind) I'd insist on a detailed disclosure 
of its keying and key management.  Prying that out of manyfacturers is hard.  I've done 
it, but it may be that my employer's name and unit volume was a factor.

Re: Data recovery (was: Re: SETI@home (ca. 2000) servers heading to salvage)

[Paul Koning via cctalk]

> On Apr 4, 2022, at 10:20 AM, Jules Richardson via cctalk 
>  wrote:
> 
> On 4/3/22 10:51, Eric J. Korpela via cctalk wrote:
>> drive removed and destroyed for privacy reason.
> 
> For those in the know, how much success - assuming a "money is no object" 
> approach - do data recovery companies have in retrieving data from drives 
> that have a) been overwritten with zeros using dd or similar, and b) been 
> overwritten with random data via a more comprehensive tool?

There's a research group in, I think, UCSD which studies that question.  From 
what I recall, in modern hard disk drives with microscopic tracks and not a 
whole lot of margin anywhere, one overwrite is plenty good.  The legendary 
multiple erase schemes are mostly rumors -- I looked long and hard for the 
supposed government standards that specify these and found they don't seem to 
exist -- and no longer useful.

SSDs are a different story entirely because there you don't write over the 
actual data; instead a write updates internal metadata saying where the most 
recent version of block number xyz lives.  So, given that you tend to have a 
fair amount (10 or 20 percent if not more) of "spare space" in the SSD, 
previous data are likely to be hanging around.  I suspect if you write long 
enough you could traverse all that, but how to do that depends on the internals 
of the firmware.  That's likely to be confidential and may not even be reliably 
known.

There are SSD SEDs.  If designed correctly those would give you 
cryptographically strong security and "instant erase".  Not all disk designers 
know how to do these designs correctly.  If I needed an SED (of any kind) I'd 
insist on a detailed disclosure of its keying and key management.  Prying that 
out of manyfacturers is hard.  I've done it, but it may be that my employer's 
name and unit volume was a factor.

paul

Data recovery (was: Re: SETI@home (ca. 2000) servers heading to salvage)

[Jules Richardson via cctalk]

On 4/3/22 10:51, Eric J. Korpela via cctalk wrote:

drive removed and destroyed for privacy reason.


For those in the know, how much success - assuming a "money is no object" 
approach - do data recovery companies have in retrieving data from drives 
that have a) been overwritten with zeros using dd or similar, and b) been 
overwritten with random data via a more comprehensive tool?


cheers,

Jules

Re: Core memory

[Magnus Ringman via cctalk]

On Sun, Apr 3, 2022 at 4:01 PM Will Cooke via cctech 
wrote:

> > Gentle plug for https://www.daliborfarny.com/.
>
> I got excited by that until I saw there was no pricing and no
> availability.  :-(
>

I know :-P  I binge-watched their youtube channel (here
) last summer, and came to
understand that they've moved offices and are building a better workshop
(or factory.)  Guess we'll see.

Magnus

RE: AlphaServer 2100s available

[Dave Wade G4UGM via cctalk]

Folks,

I got one of these from Antonio. It has 4 x CPU boards in plus a few disk 
drives, but it does not want to power up. It did spin the fans up then shut 
down. . I now have a lot of other projects on the go, so if anyone would like 
it please let me know.
Its in Manchester, England.  Replies off-list please.

Dave

> -Original Message-
> From: cctalk  On Behalf Of Antonio Carlini
> via cctalk
> Sent: 21 July 2020 20:58
> To: General Discussion: On-Topic and Off-Topic Posts
> 
> Subject: AlphaServer 2100s available
> 
> I have three AlphaServer 2100 systems in storage in the UK (Oxfordshire).
> The storage, however, is due to be demolished (soon, but no fixed date).
> 
> 
> I won't have room to store these three systems, so if anyone would be
> interested in offering them a home, then please get in touch!
> 
> 
> I can probably get some pictures in the next day or two.
> 
> 
> These systems were SMP Alphas and could sport as many as 4 CPUs. I'm not
> sure of the configuration of these systems but I can probably find that
> out soon.
> 
> They have not been run since ~2003 so they may be in need of some TLC.
> OTOH they are not rusted to death so you have a chance of getting them
> back to life.
> 
> 
> Just so you know what you might be dealing with these systems are about:
> 700mm H x 430mm W x 810mm L.
> 
> 
> I can't find the weight in any of my references right now but they are
> very heavy. Three people can move them up a slight slope with some
> effort but you would not successfully lift it into a car (assuming that
> it would fit). I'm planning to dismantle them to move them (i.e. remove
> PSU/PSUs etc. until they are light enough to move). A tail-lift would
> probably be the sane way to go (and is, indeed, how they got to their
> current location.
> 
> 
> I'm hoping that someone can step forward and offer one or more of these
> machines a new home. Please contact me off-list (once you're sure you
> understand what you are getting into :-)).
> 
> 
> Antonio
> 
> 
> --
> Antonio Carlini
> anto...@acarlini.com