The Great Zero Challenge
Callum Finlayson
ukcrypto at chiark.greenend.org.uk
Fri, 12 Sep 2008 10:38:43 +0100

On Tue, Sep 9, 2008 at 7:50 AM, Mary Hawking
<maryhawking@tigers.demon.co.uk> wrote:
> In message <20080909021901.18551.33748.Mailman@chiark.greenend.org.uk>,
> ukcrypto-request@chiark.greenend.org.uk writes
>
>> Why, whenever hard drive deletion is mentioned, do sensible people forget
>> anything they know about attack models and cost-benefit?
>>
>> You cannot prove that data on a disc that has been over written is
>> unrecoverable, but that won't matter for most users. Anyone who thinks CESG
>> is going to attack their hard drive will have enough money to over-write,
>> degauss and then grind all hard drives. Anyone else will be satisfied with a
>> single overwrite of all zeros, especially if that's done using ATA
>> commands.
>
> I wasn't really thinking about CESG.
> Does anyone know how good Nigerian (and other) scammers are at reading discs
> supposedly erased?
> Mary Hawking
> PS as I said, this is personal data - and as the problem is to safely erase
> data before dumping the computers, I don't really care whether the disc
> could be re-used.

I think it's simplest if you think about the different risks you run
in the data being revealed and the resources that somebody would apply
to uncover that data.

1 Your mum examines the unemptied trash, finds porn and tells you off.
2 Your girlfriend undeletes messages from your ex and dumps you.
3 A random cracker uses basic data recovery and simple password
cracking tools to recover a spreadsheet containing your bank details and
steals your money.
4 The police use sophisticated data recovery and password cracking to
recover financial records and correspondence to build a fraud case
against you.
5 CESG dismantle the drive and break out the magnetoresistance
microscopes to locate the nukes you're selling so the SAS can stop by
for a quiet chat.

#1 can be solved by emptying the trash.
#2 wants individual files overwriting, or possibly using an encrypted filesystem
#3 and #4 need the whole disk overwriting
#5 warrants an encrypted filesystem, overwriting, smashing the
platters, and melting down

Most people's maximum level is probably 3 or 4 (personal financial
information or commercially sensitive IP vulnerable to industrial
espionage).

A random scammer is going to employ at best the standard set of
cracking and data recovery tools -- I have no reason to believe that
any of these are capable of recovering data from a modern HD that has
been overwritten once.

I'm averagely paranoid, keep financially/personally sensitive material
encrypted, overwrite files once when they're deleted, and periodically
overwrite chunks of slack space. If I were getting rid of the HD on my
home PC I'd probably overwrite the whole disk once then bin it. For
commercially sensitive work or other material that may result in me
being specifically targeted (rather than a random cracker) I'd add an
encrypted filesystem as well.

Callum