Security Basics mailing list archives

RE: 51% can be enough Was: Wiping a drive


From: Olatunji Nowlin <Onowlin () transitchicago com>
Date: Thu, 16 Oct 2008 10:43:52 -0500

I think he is stating that there is a 49% chance of correct recovery of EACH individual bit on the drive. My math could be 
rusty after all these years, but that would mean the chance of getting any two bits correct is 0.49*0.49 or 0.24 (24%), 
when you work that out to getting 8 bits correct it comes out to something like 0.00332 or 0.33% chance of getting a 
single byte correct on the drive.  When you have a 0% chance of getting one single byte correctly recovered I think the 
chances of recovering anything useful off of the drive are NIL.

I still have to read the actual document but this is my interpretation from the mail that was sent.



________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Alexander Klimov [alserkli () inbox ru]
Sent: Wednesday, October 15, 2008 3:47 PM
To: security-basics () securityfocus com
Subject: 51% can be enough Was: Wiping a drive

On Wed, 15 Oct 2008, Craig Wright wrote:
> Even at 92% per bit, the recovered data is useless and random. This
> is detailed in the paper mentioned before. At 49% - this is a modern
> drive - the toss of a coin is more accurate.

Not sure what exactly these numbers are, but if it is the probability of
correct recovery then they are not necessarily useless. Suppose you edit
a text document and your editor automatically makes a backup copy of
it every five minutes. Even if the backup is done with the same filename,
with journaling filesystems you end up with many dozens of copies of
the file content on your disk.

Now, if locations of backups are predictable (the document is long
enough to make correlations sufficiently large), it is possible to
recover the document even if you can read every bit with 51% success
rate (btw, the probability cannot be less than 50%, because in that
case you should always guess the opposite) -- simply count what bit
value among copies is recovered more often.

Btw, the standard way to wipe a disk on Linux is to use shred, which is
part of coreutils, which is already installed on almost every Linux
system.

--
Regards,
ASK
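
The majority-vote argument in the quoted message can be put in numbers, which is useful when judging how much leftover copies on a journaling filesystem matter for wipe assurance. This is an added example, not part of the thread; it assumes every read of a bit is independent and correct with the same probability p, and the function names and copy counts are made up here.

```python
import math

def majority_correct(p, n):
    """P(majority vote over n independent reads of one bit is right) when
    each read is right with probability p. n must be odd (no ties)."""
    if not 0.0 < p < 1.0 or n < 1 or n % 2 == 0:
        raise ValueError("need 0 < p < 1 and an odd n >= 1")
    lp, lq = math.log(p), math.log(1.0 - p)
    total = 0.0
    for k in range(n // 2 + 1, n + 1):  # k = number of correct reads
        # log of C(n, k) * p^k * (1-p)^(n-k); log-space avoids overflow
        total += math.exp(math.lgamma(n + 1) - math.lgamma(k + 1)
                          - math.lgamma(n - k + 1) + k * lp + (n - k) * lq)
    return min(total, 1.0)

def copies_needed(p, target, max_n=200_001):
    """Smallest odd n with majority_correct(p, n) >= target, else None."""
    if p <= 0.5 or not 0.0 < target < 1.0:
        return None  # voting cannot improve on a coin toss
    if p >= 1.0:
        return 1
    hi = 0  # search over m, where n = 2*m + 1
    while majority_correct(p, 2 * hi + 1) < target:
        hi = max(1, hi * 2)
        if 2 * hi + 1 > max_n:
            return None
    lo = 0
    while lo < hi:  # accuracy grows with odd n when p > 0.5, so bisect
        mid = (lo + hi) // 2
        if majority_correct(p, 2 * mid + 1) >= target:
            hi = mid
        else:
            lo = mid + 1
    return 2 * lo + 1

if __name__ == "__main__":
    for p in (0.51, 0.92):  # per-bit figures quoted in the thread
        for n in (1, 49, 999):  # constructed copy counts
            q = majority_correct(p, n)
            # q**8: all eight bits of a byte right, assuming independence
            print(f"p={p} copies={n:4d} bit={q:.4f} byte={q**8:.4f}")
        print(f"p={p}: copies for 99% per bit = {copies_needed(p, 0.99)}")
```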
