* [dm-crypt] (OT) Secure data wipe
From: jugree @ 2012-12-09 11:20 UTC
To: dm-crypt
Hello.
How to securely delete data from a hard drive? Is it possible without
physical destruction?
How to work with sensitive data if you're using swap? Is it enough to
run `swapoff', decrypt some data, encrypt it again, and run `swapon'?
Is it possible to securely delete a single file? I've heard that you
should create another file with the same name, write some data to it,
and delete it.
This is a popular topic, but it's really hard to find any proofs.
Can you suggest any books or papers on the subject?

* Re: [dm-crypt] (OT) Secure data wipe
From: Javier Juan Martínez Cabezón @ 2012-12-09 12:26 UTC
To: dm-crypt

Yes, it is a lot off-topic, but it could be useful for dm-crypt users.

I don't know who told you about that way of securely deleting a file, but he is very wrong. When you delete something, you mark the physical blocks of the file as "usable for later", that is, they move into unallocated space that could be allocated later. If you create a new file with the same name, it gets free blocks to suit its needs, but this doesn't mean that it will allocate the same physical blocks.

The only filesystem-independent method I know to destroy data is overwriting unallocated space several times with different patterns (to avoid recovery with microscopy). You can do the same by overwriting the allocated physical blocks of the file several times, and this is what wipe does, to my knowledge.

I think the DoD published a paper about this; you could check it.

On 09/12/12 12:20, jugree@lavabit.com wrote:
> Hello.
>
> How to securely delete data from a hard drive? Is it possible
> without physical destruction?
>
> How to work with sensitive data if you're using swap? Is it enough
> to run `swapoff', decrypt some data, encrypt it again, and run
> `swapon'?
>
> Is it possible to securely delete a single file? I've heard that
> you should create another file with the same name, write some data
> to it, and delete it.
>
> This is a popular topic, but it's really hard to find any proofs.
>
> Can you suggest any books or papers on the subject?

* Re: [dm-crypt] (OT) Secure data wipe
From: Karol Babioch @ 2012-12-09 14:48 UTC
To: dm-crypt

Hi,

On 09.12.2012 13:26, Javier Juan Martínez Cabezón wrote:
> overwriting unallocated space several times

this basically is a myth. Overwriting the whole drive just one time will make any recovery practically impossible, see [1].

The "multiple times" aspect to my best knowledge originates from the good old days, where the density of tracks on floppies wasn't as high as it is with today's hard drives and it was possible to "miss" the track by some amount.

Best regards,
Karol Babioch

[1] http://www.h-online.com/security/news/item/Secure-deletion-a-single-overwrite-will-do-it-739699.html

* Re: [dm-crypt] (OT) Secure data wipe
From: Javier Juan Martínez Cabezón @ 2012-12-09 15:49 UTC
To: dm-crypt

On 09/12/12 15:48, Karol Babioch wrote:
> this basically is a myth. Overwriting the whole drive just one time
> will make any recovery practically impossible, see [1].

Just to link the DoD Standard, DoD recommended 3 cycles, and in US DoD-5220.22-M ECE 7 cycles:

I don't think that a person who wants to be sure of destroying their secret data would want to take the risk of these 0,97%

www.usaid.gov/pubs/ads/500/d522022m.pdf

* Re: [dm-crypt] (OT) Secure data wipe
From: Arno Wagner @ 2012-12-09 16:38 UTC
To: dm-crypt

On Sun, Dec 09, 2012 at 03:48:01PM +0100, Karol Babioch wrote:
> Hi,
>
> On 09.12.2012 13:26, Javier Juan Martínez Cabezón wrote:
> > overwriting unallocated space several times
>
> this basically is a myth. Overwriting the whole drive just one time will
> make any recovery practically impossible, see [1].
>
> The "multiple times" aspect to my best knowledge originates from the
> good old days, where the density of tracks on floppies wasn't as high as
> it is with today's hard drives and it was possible to "miss" the track by
> some amount.

Actually, the background is as follows (track density, bit-density, etc., are secondary):

A magnetic medium has a s/n (signal-to-noise) ratio and a ratio by which an overwrite weakens an older signal. As a simplified example, you may get 10mV of noise and a maximum signal of 100mV. Then you have signal-to-noise of 10:1. An overwrite always weakens the original signal, but it is still there. Say, it gets weakened by a factor of 3. Then you have the n-th (overwriting) signal at 100mV signal strength, and the n-1 (older) signal at 30mV. You can hence read signal n, reconstruct (in analog) how it was written, subtract it from an analog media read and get the n-1 signal.

For floppies, I did some measurements 20 years back, and I could clearly see the n-1 signal and maybe the n-2 signal would also have been possible to read. The s/n ratio was very high.

For modern disks, the s/n ratio is low enough that the n-1 signal vanishes in the noise after a single overwrite. The background is that modern electronics can read the signal almost perfectly in analog and modern signal processors can do all the math needed to get the maximum possible decoding quality in real-time.

If the HDD manufacturers could cram in more bits, they would, but the surfaces can simply not hold them reliably. They certainly cannot hold twice as much data, as in a signal and the overwritten signal from before. Ordinary 1.44MB floppy disks could be made to hold > 20MB with special equipment back in the day.

Rumour has it that after one overwrite you may get lucky and pull off single bits, like occasionally recognizing a keyword, using very expensive equipment and a lot of time. For encrypted data that is pretty worthless.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell
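
The read-and-subtract argument in the message above, as an added toy simulation (not code or measurements from the thread): it uses the message's simplified numbers (100 mV signal, 10 mV noise, weakening factor 3), extends them to the n-2 layer, and compares them with a constructed 50 mV noise case that is an assumption, not a figure for any real drive. The function name and the model itself (bits stored as plus or minus the amplitude, Gaussian noise, plain threshold decoding without error correction) are likewise assumptions.

```python
import random


def layer_error_rates(signal_mv, noise_mv, weaken, layers=3, nbits=20000, seed=1):
    """Bit error rate per layer, newest first: [layer n, n-1, n-2, ...].

    Each layer stores a bit as +amplitude or -amplitude. Every overwrite
    divides the amplitude of all older layers by `weaken`. One analog read
    is the sum of all layers plus Gaussian noise (sigma = noise_mv). The
    reader decodes the strongest layer, subtracts its ideal waveform, then
    decodes what remains. A rate near 0.5 is no better than coin flips.
    """
    rng = random.Random(seed)  # fixed seed so runs are repeatable
    amps = [signal_mv / weaken ** k for k in range(layers)]
    errors = [0] * layers
    for _ in range(nbits):
        bits = [rng.choice((-1, 1)) for _ in range(layers)]
        residual = sum(a * b for a, b in zip(amps, bits))
        residual += rng.gauss(0.0, noise_mv)
        for k, amp in enumerate(amps):
            guess = 1 if residual >= 0 else -1
            errors[k] += guess != bits[k]
            residual -= amp * guess  # remove the reconstructed layer
    return [e / nbits for e in errors]


if __name__ == "__main__":
    cases = {
        "message's example (s/n 10:1)": (100, 10, 3),
        "constructed low s/n (2:1)": (100, 50, 3),
    }
    for name, params in cases.items():
        rates = layer_error_rates(*params)
        print(name, ["%.4f" % r for r in rates])
```

With the message's numbers the n-1 layer decodes almost cleanly and the n-2 layer is marginal; in the constructed low-s/n case the n-1 error rate is many times higher, while the current layer already shows raw errors that a real drive would leave to its error correction.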

* Re: [dm-crypt] (OT) Secure data wipe
From: Karol Babioch @ 2012-12-09 14:55 UTC
To: dm-crypt

Hi,

On 09.12.2012 12:20, jugree@lavabit.com wrote:
> I've heard that you
> should create another file with the same name, write some data to it,
> and delete it.

I wouldn't trust that. Which blocks get assigned to a file is up to the filesystem implementation. I don't think you can rely on the fact that a file with a specific filename will be assigned the same block each time you (re-)create it.

Best regards,
Karol Babioch

* Re: [dm-crypt] (OT) Secure data wipe
From: Arno Wagner @ 2012-12-09 16:18 UTC
To: dm-crypt

Sent my original reply by accident only to the OP. Here is a copy for the list:

I comment on this in the cryptsetup FAQ in items 5.4, 5.5 and 5.19.

For the case of a non-LUKS container, the current state-of-the-art is that for HDDs a single pass of zeros is enough and for any type of non-volatile memory (SSD, USB-key, etc.) it is unclear. In all cases encryption helps. Defect management may complicate things for HDDs and SSDs, but for HDDs you can at least query the reallocated count in the SMART status to see whether that happened.

As to swap, you can either disable it or use encrypted swap, possibly with a one-time boot-up key, and, if you like, frequent key changes.

You can only secure-delete a single file if you understand what your filesystem does. The thing you have heard is complete nonsense though. One way with some filesystems is to overwrite the original file. The Linux tool "wipe" does that. It is insecure with ext3 (data may be in the log), btrfs (later writes may not go to the same sectors) and others. You can delete the file and overwrite all empty space, but that may leave some leftovers.

As to papers, for HDDs, look at the original Gutmann paper and its addendum:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

For SSDs, look at
http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
and possibly its references.

Arno

On Sun, Dec 09, 2012 at 06:20:14AM -0500, jugree@lavabit.com wrote:
> Hello.
>
> How to securely delete data from a hard drive? Is it possible without
> physical destruction?
>
> How to work with sensitive data if you're using swap? Is it enough to
> run `swapoff', decrypt some data, encrypt it again, and run `swapon'?
>
> Is it possible to securely delete a single file? I've heard that you
> should create another file with the same name, write some data to it,
> and delete it.
>
> This is a popular topic, but it's really hard to find any proofs.
>
> Can you suggest any books or papers on the subject?

* Re: [dm-crypt] (OT) Secure data wipe
From: Roscoe @ 2012-12-11 8:39 UTC
To: dm-crypt

> How to work with sensitive data if you're using swap? Is it enough to
> run `swapoff', decrypt some data, encrypt it again, and run `swapon'?

I stopped using swap on my desktop when I upgraded from 64MB of RAM with 128MB of swap to 192MB of RAM.

Saves the hassle of that question, I can't say I've noticed any terribly ill effects from not having swap and it saves me the hassle of setting up encrypted swap.