The Great Zero Challenge

Jim Murray ukcrypto at chiark.greenend.org.uk
Wed, 10 Sep 2008 13:01:43 +0100


Mary Hawking wrote:
> Does anyone know how good Nigerian (and other) scammers are at reading
> discs supposedly erased?
> Mary Hawking
> PS as I said, this is personal data - and as the problem is to safely
> erase data before dumping the computers, I don't really care whether the
> disc could be re-used.

(note to self - post from the subscribed address in future, it works
better!)

There is a good paper covering most of this stuff to be found here:

http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf

For personal or even commercially confidential data, DBAN is generally
accepted as being 'good enough'. A disk wiped this way is beyond trivial
recovery. It MAY not be totally erased but the difficulty level of
recovering any data remaining on the disk is high enough to be beyond
the reach of casual opponents (such as Nigerian scammers buying drives
off of eBay or scrounging them from dumps).

A more complete wipe can be obtained by using a little-known ATA command
already supported in almost all modern disks (including SATA, excluding
SCSI). This requires more technical knowledge to achieve, since many
BIOSes block the required command from reaching the hard drive. The best
solution is to put the drive into an external enclosure known to support
passing of the ATA secure erase command (most e-SATA enclosures do, some
USB->IDE enclosures also do, check with the manufacturer) then use a
program to activate the secure erase function of the drive. One such
utility can be found here -
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

This method is more effective as it is internal to the drive itself and
thus able to overwrite normally inaccessible areas of the platters (such
as remapped or faulty sectors).

The best way of course is to plan for the day you decommission your
drives before you start using them. Use encrypting hard drives and
enable the encryption key before you start storing any data on them.
Then when you want to erase the data all you need do is change the key
and the data is totally & completely erased (unless you know someone who
can either recover overwritten keys from EEPROMs or can break AES
encryption..). I understand Hitachi manufacture such drives, generally
intended for notebook computers but check BIOS compatibility to ensure
they'll work in your machines.
Another alternative is to use encrypting IDE/SATA controllers and
standard drives. Doing that you don't need to erase a drive - it's
useless without the decryption key & controller. Even if the machine or
drive is stolen it's still useless unless they also manage to steal the
encryption key.

As you can see here,
http://www.addonics.com/products/ruby_cipher/ruby_exd.asp encrypting
enclosures aren't even expensive any more, they are well within the
reach of all organizations and even most home or casual users.
Encrypting data on hard disk really should be standard already....

Securely storing (and erasing) data isn't rocket science, which just
makes me even more furious at just HOW careless some people/agencies
seem to be!

Jim.


-- 
      DigitalDaemons IT Services.
---------------------------------------
   E-Mail : jim@digitaldaemons.co.uk
       PGP Key ID : 0xB7066495
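
Added example, not part of the original post: a read-only pre-check for the ATA secure erase route described above, which parses the Security section of `hdparm -I` output to tell whether the drive supports the command and whether it is frozen (the state in which the drive refuses security commands, commonly set by the BIOS at boot). It assumes the Linux `hdparm` tool rather than the utility linked in the post; the sample output is constructed and `/dev/sdX` is a placeholder.

```shell
#!/bin/sh
# Read-only pre-check: parses `hdparm -I` text, never issues an erase command.

# Print supported/enabled/locked/frozen (yes|no|unknown) from the
# "Security:" section of `hdparm -I` output read on stdin.
se_state() {
    awk '
        BEGIN { s["supported"] = s["enabled"] = s["locked"] = s["frozen"] = "unknown" }
        /^Security:/ { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented heading ends the section
        insec {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            neg = sub(/^not[ \t]+/, "", line)   # "not frozen" -> neg=1, line="frozen"
            if (line in s) s[line] = (neg ? "no" : "yes")
        }
        END { printf "supported=%s enabled=%s locked=%s frozen=%s\n",
                     s["supported"], s["enabled"], s["locked"], s["frozen"] }
    '
}

# Exit 0 only if the drive supports secure erase and is neither locked nor frozen.
se_ready() {
    state=$(se_state)
    case "$state" in
        *supported=yes*locked=no*frozen=no*) echo "ready: $state"; return 0 ;;
        *frozen=yes*) echo "blocked, drive is security-frozen: $state"; return 1 ;;
        *) echo "blocked: $state"; return 1 ;;
    esac
}

# Constructed sample of an `hdparm -I` Security section for a frozen drive.
sample_frozen() {
cat <<'EOF'
ATA device, with non-removable media
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
                frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT.
Checksum: correct
EOF
}
# Same constructed sample with the frozen flag cleared.
sample_ready() { sample_frozen | sed 's/^ *frozen$/        not     frozen/'; }

# Demo on the samples; on a real system: hdparm -I /dev/sdX | se_ready
sample_frozen | se_ready || true
sample_ready | se_ready
```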