
Encrypt Your Sensitive Data before Wiping It !


59 replies to this topic

#51 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 29 November 2010 - 08:40 PM

Nuno, u r absolutely right about every word u said..but i beg ur pardon and also Icecube..this is not the subject we r having all this conversation about..the subject is the best method to destroy a data on a hdd..and the final reply that no one after that replied against was this one where all the rejections is why using wipe if encryption is enough:

u need to read this again..it's very clear that jamal wanted us to wipe the data to eliminate any of the following concerns no matter how minor the possibility is
by using wipe after encrypt is to close any possible gap of what mentioned below=
(Cold boot attacks are one of the few possible methods for subverting a whole-disk encryption method, as there is no possibility of storing the plain text key in an unencrypted section of the medium. However, even this is unlikely and difficult to execute in a non-laboratory situation, as a cold boot attack requires immediate network access to the computer and is only possible within several minutes or even seconds of the system being depowered, depending on the kind of random access memory used. Even then there is still the possibility of the key itself being scrambled or otherwise protected, which may make even this method fail.
Other side-channel attacks, like the use of hardware-based keyloggers or acquisition of a written note containing the decryption key, may offer a greater chance to success, but do not rely on weaknesses in the cryptographic method employed. As such, their relevance for this article is minor)

then after that i mentioned that jamal's method might be implemented in top gov security agencies as the best method to destroy data once and for all as the next best method to destroying a data on a hdd..but later came icecube and talked about security breach..and with respect this is not our topic we r talking about or the tutorial of jamal is talking about..we stopped last thing on a joke by dog with a funny reply..but later came icecube and things messed up in no related replies..sorry for this..with respect to all.

Edited by Master of Disaster, 29 November 2010 - 08:42 PM.


#52 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 30 November 2010 - 01:34 AM

I've a couple of dummy questions:

- what's wrong with encrypting access to the drive and/or data before accessing it and wiping with 0s?
- where is the evidence that one pass zeroed data CANNOT be recovered? :cheers:

What's this battle all about? Why not leave that choice to the drive owner? Do we know, what equipment HD makers use in their labs? What software is available to "agencies"? If one method has proven to fail data recovery, another method can possibly be found. This discussion is abstract at best, as well as some pubs on the topic. Nobody had proven that recovery of overwritten data is impossible in principle. All legal talk in docs is only about sufficient destruction level for a particular user group. All tech talk is about insufficient sensitivity of similar class equipment to read erased (zeroed) data back. Basically, the same set of tech standards & specs was relied on in attempting data recovery, that was used in writing the original data. Who said, it's always that way? :cheers:

Edited by sambul61, 30 November 2010 - 02:17 AM.


#53 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 30 November 2010 - 02:05 AM

sambul61 ur absolutely right..agree with u totally..jamal in this tutorial came up with a method of (encrypt then wipe) because what ur saying is totally right and is proved and documented as facts here in wikipedia:
http://en.wikipedia..../Data_remanence
the article in wikipedia proves that only encryption can destroy data with very very little minor chances of recovery (cold boot attack and side channel attacks)..so because of that very very minor little chance of recovery of encrypted data by those 2 attacks jamal came up with the method of wiping hdd after encryption so to eliminate any file recovery by any chance and by any means possible..he was totally right according to the facts in wikipedia..that's what i was telling everybody in all these replies. :cheers:

Edited by Master of Disaster, 30 November 2010 - 02:18 AM.


#54 steve6375

steve6375

    Platinum Member

  • Developer
  • 7063 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 30 November 2010 - 05:49 PM

sambul61 ur absolutely right..agree with u totally..jamal in this tutorial came up with a method of (encrypt then wipe) because what ur saying is totally right and is proved and documented as facts here in wikipedia:
http://en.wikipedia..../Data_remanence
the article in wikipedia proves that only encryption can destroy data with very very little minor chances of recovery (cold boot attack and side channel attacks)..so because of that very very minor little chance of recovery of encrypted data by those 2 attacks jamal came up with the method of wiping hdd after encryption so to eliminate any file recovery by any chance and by any means possible..he was totally right according to the facts in wikipedia..that's what i was telling everybody in all these replies. :)

from your wiki link...

Feasibility of recovering overwritten data
Peter Gutmann investigated data recovery from nominally overwritten media in the mid-1990s. He suggested magnetic force microscopy may be able to recover such data, and developed specific patterns, for specific drive technologies, designed to counter such.[2] These patterns have come to be known as the Gutmann method.
Daniel Feenberg, an economist at the private National Bureau of Economic Research, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".[3] He also points to the "18½ minute gap" Rose Mary Woods created on a tape of Richard Nixon discussing the Watergate break-in. Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.
As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]
On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. "[5]

Also, if you believe (without any shred of evidence and despite the references above saying it is practically impossible even using magnetic force microscopy) that recovery of overwritten data is or may be possible, how does encrypting sensitive data on a hard disk make it safe? Surely the same technique could be used to recover the unencrypted original remnant data???


I am sorry but I see no logic in your assertions?

#55 ceehoppy

ceehoppy

    Newbie

  • Members
  • 29 posts
  • Interests:Tinkering, DIY - home & cars age:38
  •  
    United States

Posted 30 November 2010 - 07:43 PM

WOW!! I've never seen a topic polarize a forum quite this way before. If you want to know which method is "better" then someone should apply forensic recovery techniques to drives treated with one, then the other. Until that time, you can find quotes & statistics, & interpret them, as you wish to support either view. (In car talk lingo we call that "bench racing")
It's your time, your drive- do what you're going to do. If you're that concerned about someone pulling info off an old drive, physically destroy before disposal.

#56 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15026 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 30 November 2010 - 08:02 PM

Let's see if it is possible to explain the logic (or assumed logic) behind my reasoning.

I have my reasons to believe that nothing can be retrieved from a hard disk after a single 00's wipe pass.

This is "my" theory (as well as that of a number of security experts - including the guys at http://cmrr.ucsd.edu/ :)).

Let's assume that it is FALSE :cheers: , and that ONE (or more) levels "below" can be retrieved, somehow.

Now, in jamal's tutorial we have THREE levels:
  • original data
  • encrypted data
  • 00's (wiping)

jamal suggests that once the "current" level is #3, someone can always get to level #2.

Now, since there is a relationship (the encryption algorithm and its password or hash) between level #2 and level #1, no one can say if there is someone else capable of unencrypting the data in level #2 and get to level #1.

In other words, the presumed security is ENTIRELY relying on the encryption algorithm.

Then, it makes little sense to also wipe the hd.

Besides, as much as there is NO evidence of any data EVER retrieved from level n-1, if you believe that it is possible, there is no logical reason why you should believe that level n-2 is not also recoverable (or level n-3, etc.)

On the other hand, if there is no certainty of the encryption being unbreakable, it would make much more sense to use at level #2, instead of encrypted data, completely RANDOM data, i.e. something that has NO connection with the underlying level #1, which by the way is part of the original Gutmann's recommendations and of DoD 5220.22-M/NISPOM:
http://www.zdelete.com/dod.htm
http://www.usaid.gov...00/d522022m.pdf
http://en.wikipedia....ecurity_Program

If "my" theory is TRUE, then it is completely UNNEEDED to encrypt the data since nothing can be retrieved below "current level".

So, you need to take your choice:
  • if you believe that nothing can be retrieved below current level n (i.e. level n-1), you just need to wipe the disk.
  • if you believe that something can be retrieved below current level, you should make damn sure that contents of level n-1 has NO connection whatsoever with contents of level n-2 (random data is evidently a better choice than encrypted data)
  • if you believe that data can be recovered from a number of levels below, you have no choice but Degauss or destroy physically the media or use the whole set of 35 passes - in the words of the mentioned Mr. Peter Gutmann:
    http://www.cs.auckla...secure_del.html

    some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data.

(and cross your fingers, hold tight your rabbit's foot and hope)

:cheers:
Wonko
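As an added example that is not part of any post in this thread: whichever single pass is chosen from the options above (00's or random data), the pass has to cover the whole device and be read back to confirm it. The sketch below runs one overwrite pass over a constructed image file standing in for a drive, then lists any blocks that still hold the pre-wipe content; the names `overwrite_pass`, `surviving_blocks`, the 4096-byte block size and the sample data are assumptions made for this illustration.

```python
import os
import tempfile

BLOCK = 4096  # block size chosen for this example

def overwrite_pass(path, fill="zero", stop_after=None):
    """One in-place overwrite pass with zeros or random bytes.

    stop_after (bytes) simulates an interrupted pass; None wipes everything.
    Returns the number of bytes written.
    """
    size = os.path.getsize(path)
    limit = size if stop_after is None else min(size, stop_after)
    written = 0
    with open(path, "r+b") as f:
        while written < limit:
            n = min(BLOCK, limit - written)
            f.write(os.urandom(n) if fill == "random" else b"\x00" * n)
            written += n
        f.flush()
        os.fsync(f.fileno())  # force the pass out of the page cache
    return written

def surviving_blocks(path, original):
    """Offsets of blocks whose content still equals the pre-wipe data."""
    hits = []
    with open(path, "rb") as f:
        for off in range(0, len(original), BLOCK):
            if f.read(BLOCK) == original[off:off + BLOCK]:
                hits.append(off)
    return hits

def demo():
    # Constructed sample "disk": 4 blocks of recognisable non-zero data.
    original = (b"CONSTRUCTED-SAMPLE-RECORD " * 700)[:4 * BLOCK]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        for name, fill, stop in [("zero", "zero", None),
                                 ("random", "random", None),
                                 ("interrupted", "zero", 2 * BLOCK)]:
            with open(img, "wb") as f:
                f.write(original)
            overwrite_pass(img, fill, stop)
            results[name] = surviving_blocks(img, original)
    return results

if __name__ == "__main__":
    print(demo())
```

The read-back only checks what the drive returns through its normal interface; it says nothing about remapped sectors or the remanence question argued over in this thread.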

#57 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 30 November 2010 - 09:30 PM

How can ppl believe in something they have no awareness of the true state of? :) What choice do they have...

It sounds quite reasonable to replace encryption with random data writing anyway. On the other hand, if only part of info can be restored after being zeroed, cracking encryption sounds a lot less feasible (while cracking random data fruitless).

Whatever the user opts for, it's always better to zero data before getting rid of your hard drive rather than format it, delete content or just do nothing. :cheers: I agree that the Tutorial would be easier to comprehend without excessive pictures highlighting the obvious.

Edited by sambul61, 30 November 2010 - 10:08 PM.


#58 barin6588

barin6588

    Newbie

  • Members
  • 12 posts

Posted 30 November 2010 - 10:20 PM

Mr. Jamal, warm greetings - I am one of the admirers of your excellent topics and your elegant style of writing and analysis, and you support your topics excellently with illustrative pictures - also, as I notice, your topics cause big discussion because the theories you put forward are bold and realistic and appear to come from your great and unique experience in a number of them - in fact I know you personally, as we met in April 2006 at Microsoft Lebanon - where I listened to the lecture you gave on deploying Windows Vista and Office 2007 on computers, aimed at professionals - where I was the head of the anti-piracy department for Microsoft Lebanon, the Middle East and Pakistan - I don't know if you remember me - I got to know you then and expressed my admiration for you as the Iraqi IT expert, and for your knowledge and wonderful style at the time - I don't know whether you are still residing in Lebanon or you are in the United States, as I see from the American flag next to your name - I would be happy to meet you again - and may God increase your knowledge

#59 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 30 November 2010 - 10:27 PM

Mr. Jamal, warm greetings - I am one of the admirers of your excellent topics and your elegant style of writing and analysis, and you support your topics excellently with illustrative pictures - also, as I notice, your topics cause big discussion because the theories you put forward are bold and realistic and appear to come from your great and unique experience in a number of them - in fact I know you personally, as we met in April 2006 at Microsoft Lebanon - where I listened to the lecture you gave on deploying Windows Vista and Office 2007 on computers, aimed at professionals - where I was the head of the anti-piracy department for Microsoft Lebanon, the Middle East and Pakistan - I don't know if you remember me - I got to know you then and expressed my admiration for you as the Iraqi IT expert, and for your knowledge and wonderful style at the time - I don't know whether you are still residing in Lebanon or you are in the United States, as I see from the American flag next to your name - I would be happy to meet you again - and may God increase your knowledge


Welcome, Mr. Ali - of course I remember you - how could I forget a wonderful, important and kind person like your good self -- welcome to this important site, which brings together the best experts in the world in the field of informatics and software, and I wish you an enjoyable and useful time with us..I thank you very much for your interest and your kind words about the training topics I present..as for me, I currently reside in India, but yes, I travel to the United States three or four times a year to attend some important conferences there..I repeat my thanks and my welcome to you..you can always message me through the side messenger of this site if you would like to ask me about any private matters..welcome, my dear sir

#60 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 30 November 2010 - 10:41 PM

Dear all, I would really thank you for all your replies and inputs, it really enriched this subject with great expertise that each one of you have, I do appreciate all what you said, and I really do take them into consideration and practice them in my work, regardless if I agree with them or not, and regardless the results are identical to your knowledge or not, because the first thing I consider is that very valuable knowledge you all have that anyone at all can benefit from. I just would like to add a little acknowledgement here that this tutorial is intended for beginners not for experts, beginners like business men, or normal users that would like to replace their PCs or HDDs for any reason, and they need to make sure nothing personal is left behind in their PCs, so I find it ideal to do what I mentioned in my tutorial, that by default comes with lots of step by step pictures, so to make things easy for them, actually not just normal users will benefit from this tutorial with all its pictures, but also professionals in the calibre of Nuno Brito, you can refer to his input early in this forum about this subject, simply because many of us maybe have not gone thru testing some programs, and those pictures will definitely help. Thank you all again, your input in this subject really satisfied me and made me more knowledgeable.



