Security Basics mailing list archives
RE: 51% can be enough Was: Wiping a drive
From: Olatunji Nowlin <Onowlin () transitchicago com>
Date: Thu, 16 Oct 2008 10:43:52 -0500
I think he is stating that there is a 49% of correct recovery of EACH individual bit on the drive. My math could be rusty after all these years, but that would mean the chance of getting any two bits correct is 0.49*0.49 or 0.24 (24%), when you work that out to getting 8 bits correct it comes out to something like 0.00332 or 0.33% chance of getting a single byte correct on the drive. When you have a 0% chance of getting one single byte correctly recovered I think the chances of recovering anything useful off of the drive are NIL. I still have to read the actual document but this is my interpretation from the mail that was sent. ________________________________________ From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Alexander Klimov [alserkli () inbox ru] Sent: Wednesday, October 15, 2008 3:47 PM To: security-basics () securityfocus com Subject: 51% can be enough Was: Wiping a drive On Wed, 15 Oct 2008, Craig Wright wrote:
Even at 92% per bit, the recovered data is useless and random. This is detailed in the paper mentioned before. At 49% - this is a modern drive - the toss of a coin is more accurate.
Not sure what are exactly these numbers, but if it is probability of correct recovery than they are not necessary useless. Suppose you edit a text document and your editor automatically makes a backup copy of it every five minutes. Even if backup is done with the same filename, with journaling filesystems you end up with many dozens of copies of the file content on your disk. Now, if locations of backups are predictable (the document is long enough to make correlations sufficiently large), it is possible to recover the document even if you can read every bit with 51% success rate (btw, the probability cannot be less than 50%, because in that case you should always guess the opposite) -- simply count what bit value among copies is recovered more often. Btw, the standard way to wipe disk on Linux is to use shred that is a part of coreutils that are already installed on almost every Linux system. -- Regards, ASK
Current thread:
- Wiping a drive: /dev/zero or /dev/urandom better? JW (Oct 14)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Weir, Jason (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Adam Gibbins (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Adriel Desautels (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- 51% can be enough Was: Wiping a drive Alexander Klimov (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Olatunji Nowlin (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Murda Mcloud (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Alexander Klimov (Oct 20)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Weir, Jason (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Razi Shaban (Oct 16)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Ansgar Wiechers (Oct 16)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Roman Fulop (Oct 15)