Archived from groups: comp.sys.ibm.pc.hardware.storage
In article <2j6t6eFtpa69U2@uni-berlin.de>, Arno Wagner <me@privacy.net> wrote:
>Previously Al Dykes <adykes@panix.com> wrote:
>> In article <336e792b.0406120004.5e63404@posting.google.com>,
>> Ludwig <antispam1eastcomp@gmx.de> wrote:
>>>Arno Wagner <me@privacy.net> wrote in message news:<2itvkpFqku45U1@uni-berlin.de>...
>>>> Previously Al Dykes <adykes@panix.com> wrote:
>>>> > In article <2isocdFr8ig6U1@uni-berlin.de>, Arno Wagner <me@privacy.net> wrote:
>[...]
>>>> Exactly. Like keyboard sniffers, TEMPEST attacks, break-ins to
>>>> clone/steal the disk, bribes, etc. In addition, even when secret
>>>> information is on a disk, most/almost all individual 512 byte
>>>> blocks will still be pretty uninteresting or completely meaningless,
>>>
>>>I disagree. Obviously those sectors which are heavily used have a
>>>higher probability to get bad. Such sectors usually do not contain
>>>static data (like program code, static media files etc.) but data
>>>generated from user input, from intermediary data. So, these are
>>>sectors which contain "valuable" information with a much higher
>>>probability than all other (static) sectors on a hdd.
>>>
>
>> An utterly unsupportable generalization. Support this claim. Sectors
>> go "soft" (require ECC calculation to recover correct data) even if
>> they were only written once, years ago.
>
>> Also, a sector in the badblock has no idea what file it was part of,
>> before it went "bad". If you do a read of a block that's been
>> mapped-out, it is just 4096 bits with no context, that probably have
>> failed the ECC calculation, so you can't know that ABCDEF isn't really
>> ABCDEG when you read it.
>
>Actually HDDs have 512 byte sector size and do not care about
>filesystem blocks at all. Defect management is therefore done
>in 512 byte units, giving even less data in the remapped sector.
>
The last time I checked 4096 bits = 512 bytes.
>>>> As a result, most practical applications need not care about
>>>> reallocated defective sectors. But still people should be aware
>>>> of the mechanism and its implications. In the rare case where
>>>> it could be a problem, conventional erasure should be followed
>>>> by physical destruction.
>>>
>>>In our daily practice as a refurbishing and remarketing company of
>>>used pcs we are regularly confronted with our clients' (those
>>>companies which want to remarket their used equipment) concerns,
>>>that ALL data on the hdds will be deleted. If there is no guarantee,
>>>that ALL data will be securely erased, then the hdd would be
>>>physically destroyed for security reasons. These would have massive
>>>environmental and economical impacts, because a pc without a hdd has
>>>almost no value and has to be physically recycled instead of being
>>>used by other (mostly poor) people (more and more in developing
>>>countries like Africa etc). The commercial second hand pc market could
>>>rather break down.
>
>Well, people have a tendency to make stupid demands if they do not
>understand the technology they are talking about. Remapped sectors
>are never a security risk in practice. HDDs with contents so sensitive
>that remapped sectors could be a problem will not be given away but
>be destroyed in-house.
>
>> Perfect security (or any security) doesn't come cheap.
>
>In fact perfect security is unavailable at this time. However
>good security is a lot cheaper than marginally better security
>and does the job as well in practice.
>
>> You can't have
>> it both ways. Security generally comes down to a cost/risk decision.
>> I've been in jobs where we routinely smashed IDE disks from desktop
>> systems (with a sledge hammer on a concrete floor) because doing
>> _anything_ else to sanitize the disk cost more than scrapping the disk.
>
>> Sorry about not being able to donate equipment. If the company
>> making the donation values their data as much as you do they'll
>> appreciate that smashing HDDs is a cost of doing business.
>
>>>To clarify the problem of remapped sectors we contacted the
>>>IASG/CESG as well as different manufacturers of CESG certified "secure"
>>>erasing software tools. From the first we got no sensible answer, from
>>>the others we didn't get any answer. So, we rather doubt, that
>>>remapped sectors are erased by commercial tools.
>>>
>>>What could be the solution?

The US DoD specs I've seen provide for erasure by multiple passes of a
commercial erasure software package for most types of secure data, but
require destruction for the highest security level. I've always
assumed that the advantage of physical destruction was that your boss,
or the security officer could watch the disk going into the shredder.
It's not as easy to be assured that the software is really working.

It seems that degaussing is obsolete because the magnet would have to
be powerful enough to pull your belt buckle off, and it would erase
sync data imbedded in the tracks that the electronics need to
function, effectively making it impossible to reformat the disk.
--
Al Dykes
-----------
adykes at p a n i x . c o m
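
A refurbisher-side triage for the remapped-sector question argued over in this thread, as an added example that is not part of the original posts: it reads SMART attribute 5 from `smartctl -A` style output, bounds the data an overwrite pass might not reach at 512 bytes per remapped sector, and picks a disposition. The sample output is constructed, treating the raw value of attribute 5 as a sector count is an assumption (vendors differ), and the `require_all_data_erased` policy flag is hypothetical.

```python
import re

SECTOR_BYTES = 512  # defect-management unit stated in the thread

# Constructed sample in the column layout printed by `smartctl -A`.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       3
  9 Power_On_Hours          0x0032   098   098   000    Old_age   Always       -       11240
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       1
"""

# ID, name, flag, value, worst, thresh, type, updated, when_failed, raw
ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+\d+\s+\d+\s+\d+"
    r"\s+\S+\s+\S+\s+\S+\s+(\d+)"
)

def parse_attributes(text):
    """Return {attribute_id: raw_value} for every attribute row found."""
    attrs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            attrs[int(m.group(1))] = int(m.group(3))
    return attrs

def triage(text, require_all_data_erased=True):
    """Decide between overwrite and destruction for one drive."""
    attrs = parse_attributes(text)
    if 5 not in attrs:
        # No reallocation count: the "all data erased" claim cannot be backed.
        return {"decision": "unknown", "remapped": None, "residual_bytes": None}
    remapped = attrs[5]
    result = {
        "remapped": remapped,
        "pending": attrs.get(197, 0),
        # Upper bound on stale data sitting in sectors the host cannot address.
        "residual_bytes": remapped * SECTOR_BYTES,
    }
    if remapped and require_all_data_erased:
        result["decision"] = "destroy"
    else:
        result["decision"] = "overwrite"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```
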