Silk Road forums

Discussion => Security => Topic started by: lonerism on January 07, 2013, 03:11 am

Title: 7 Pass Secure Erase?
Post by: lonerism on January 07, 2013, 03:11 am
The authorities aren't after me or anything but I feel like I should probably start afresh and not use SR on my main computer.
Do you think using the 7 Pass Secure Erase on my mac will be enough or should I just sell and buy a new computer?
Title: Re: 7 Pass Secure Erase?
Post by: Party Girl on January 07, 2013, 06:50 am
Quote
The authorities aren't after me or anything but I feel like I should probably start afresh and not use SR on my main computer.
Do you think using the 7 Pass Secure Erase on my mac will be enough or should I just sell and buy a new computer?


Given the time and the choice, a pass wipe is infinitely more secure.
Title: Re: 7 Pass Secure Erase?
Post by: catfishinmysocks on January 07, 2013, 11:15 am
1 pass is fine. People started talking about doing multiple passes decades ago when hard drives were, no exaggeration, one million times smaller.

And even then it wasn't actually possible to recover any actual data, just a theory.
Title: Re: 7 Pass Secure Erase?
Post by: Errl_Kushman on January 07, 2013, 11:17 am
No need to toss the mac. As others have suggested, 1 pass is probably okay for your needs. Astor posted a few days ago about the standards for wiping drives. Summation: unless you're Al-Qaeda, 1-2 passes will be plenty!

For fun, since it doesn't cost anything, if you wanted to be extra secure, download DBAN and run it several times.


edit: here is the dialog i was talking about with astor:

I learned in my IT class that if they are really hardcore searching your hdd, one write of zeros may not be enough.

As I said, it writes over the entire hard disk TWICE with random data, followed by one write of zeroes, so that's three writes total.

Are there any utilities that you guys know of that can write over it multiple times, I'm thinking like 16x at least!

Yes, DBAN. 16 times is overkill. NIST seems to believe that medical records are securely erased after a single write.

Look at this: https://en.wikipedia.org/wiki/Data_erasure#Number_of_overwrites_needed

Even ATA disk wipes, widely considered to be the most secure, do a single write.

But if you really want 16 writes, you could run DBAN 5 or 6 times. :)
Title: Re: 7 Pass Secure Erase?
Post by: catfishinmysocks on January 07, 2013, 06:23 pm
Quote
For fun, since it doesn't cost anything

It costs time and intelligence to do something that isn't necessary.
Title: Re: 7 Pass Secure Erase?
Post by: lex on January 07, 2013, 07:10 pm
Quote
The authorities aren't after me or anything but I feel like I should probably start afresh and not use SR on my main computer.
Do you think using the 7 Pass Secure Erase on my mac will be enough or should I just sell and buy a new computer?


Given the time and the choice, a pass wipe is infinitely more secure.

Considering that there has not been a single documented case where data has been recovered after being overwritten with 1 pass, in the history of the world, ever, your statement is complete bullshit. Please do not give advice about computer forensics if you don't know what you're talking about.
Title: Re: 7 Pass Secure Erase?
Post by: signal16 on January 07, 2013, 09:55 pm
actually data has been recovered from multi pass, but not enough to be useful. like a handful of words from a multi page document and if the file is fragmented, well good luck. resources involved are intense. but no need to sell the computer that's probably the least advisable. If you're paranoid about how many 'wipes' will make the data really go away i would just remove the hard drive and destroy it physically, that's the absolute best way to erase data. also if it's a ssd or usb flash drive just a wipe can leave data behind due to the wearing algorithms. bad sectors can also be recoverable.
using the secure-delete package in linux will do 38 pass, 7 pass is department of defense requirements :)

sudo apt-get install secure-delete

i could write volumes on the topic  : /
Title: Re: 7 Pass Secure Erase?
Post by: catfishinmysocks on January 07, 2013, 11:24 pm
Quote
actually data has been recovered from multi pass, but not enough to be useful. like a handful of words from a multi page document and if the file is fragmented, well good luck. resources involved are intense. but no need to sell the computer that's probably the least advisable. If you're paranoid about how many 'wipes' will make the data really go away i would just remove the hard drive and destroy it physically, that's the absolute best way to erase data. also if it's a ssd or usb flash drive just a wipe can leave data behind due to the wearing algorithms. bad sectors can also be recoverable.
using the secure-delete package in linux will do 38 pass, 7 pass is department of defense requirements :)

sudo apt-get install secure-delete

i could write volumes on the topic  : /

What you say about SSDs is partly correct, you can't just overwrite data, but you can use the secure erase command to completely wipe them in seconds.
Rest is FUD. You can't recover a single byte that has been overwritten on a HDD.
Title: Re: 7 Pass Secure Erase?
Post by: signal16 on January 07, 2013, 11:32 pm
think what u like, the standards have been made for a reason.  published or not..
its easy to add extra wipes, ounce of prevention thing..
not that i think anyone here is doing activities that would require such security (like treason) :P

secure file erase work on ssd or usb.
you need delete file then wipe free space for ssd and usb, again due to wearing algorithms.
Title: Re: 7 Pass Secure Erase?
Post by: catfishinmysocks on January 07, 2013, 11:44 pm
Quote
think what u like, the standards have been made for a reason.  published or not..
its easy to add extra wipes, ounce of prevention thing..
not that i think anyone here is doing activities that would require such security (like treason) :P

secure file erase work on ssd or usb.
you need delete file then wipe free space for ssd and usb, again due to wearing algorithms.

If you're going to make such claims then back them up.

And your info is still wrong on flash drives. The only way to sanitize them is with the secure erase command if the controller supports it properly, and if it does they are cleaned in moments. http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf
Title: Re: 7 Pass Secure Erase?
Post by: wasta on January 11, 2013, 02:34 am
There is only one way to delete data.

It should be written over again with other data.

It's like an old cassette-tape, full of music.

But you know that it took quite some time to download the data, so writing the data over again with zeros or ones will take just as long.
Every wiping program will leave some evidence, because not every single bit will be written over.
It will only just corrupt the data.

Even Gutmann with 36 times of wiping will leave some bits untouched.

Only when you have written over the complete disc with other data, then the data will be fully gone.
That will take just the same time as all the downloads of the previous data combined.

Next best thing is the program "Killdisk".

Remember the cassette or the videotape. What time would that take to wipe the data of the tape? Every wiping method will leave some traces.
Only when you record a new movie on the video, then the data will be fully erased.

The 7 times (military) method will leave enough traces of a photo (picture) to make up what has been there previously.
Title: Re: 7 Pass Secure Erase?
Post by: catfishinmysocks on January 11, 2013, 12:52 pm
Quote
There is only one way to delete data.

It should be written over again with other data.

It's like an old cassette-tape, full of music.

But you know that it took quite some time to download the data, so writing the data over again with zeros or ones will take just as long.
Every wiping program will leave some evidence, because not every single bit will be written over.
It will only just corrupt the data.

Even Gutmann with 36 times of wiping will leave some bits untouched.

Only when you have written over the complete disc with other data, then the data will be fully gone.
That will take just the same time as all the downloads of the previous data combined.

Next best thing is the program "Killdisk".

Remember the cassette or the videotape. What time would that take to wipe the data of the tape? Every wiping method will leave some traces.
Only when you record a new movie on the video, then the data will be fully erased.

The 7 times (military) method will leave enough traces of a photo (picture) to make up what has been there previously.

Load of shite.
Title: Re: 7 Pass Secure Erase?
Post by: wasta on January 30, 2013, 09:46 pm
Shite?

Never mind.
But he is right there is also deGaussing.
Wiping data with a magnet.

See the hdd as a vcr tape.
Now,  how would you wipe a movie from a vcr-tape?

And how much time will it take, to wipe all the data from that tape, if the movie is 3 hours long.

There is no way you can delete all the data from a movie of 3 hours in 5 minutes.
A movie on a vcr tape of 3 hours will be gone when you put another movie of three hours over the first movie.

The same goes for the hdd.

The hdd has a ceramic disc, but the old floppydisc looks more as the material where a vcr-tape is made from.
The heads to record are even more alike in a floppy and a vcr.

Not only goes this for hdd's but for cd's or dvd's as well. Wiping will as it were scratch a lot of bits and bytes from the cd or dvd as you would scratch with a knife. Needless to say that you will always miss many bits or bytes.

Deleting just removes the pointer.
Use undelete and you have your data back.
The same goes for erase, then you use unerase.
After format you use unformat and you will have all your data back.

It's a nice experiment for you to download O&O recovery and use it on a picture that you have wiped with RSA 7 times.
You will see that a lot of the picture is gone, but there will still be left more than enough to see what was on the 7 times wiped picture.

It was my job to wipe data from hdd's so the computers could be sold again in the secondhand market.
Hospitals and local governments did only business with us.

Other companies did use only the military rsa 7 times wiping method.
Result was that classified info came in the public domain.

Rsa wiping is quick but leaves just too much data.
Y wll nt b bl t rd ll th dat tht as bn wpd, bu wth a ltj affr yu wi b abl t red wht data hs bn wpd.

You may think that this is a load of shite, but it gave me a job for many years and all city councils and hospitals went to us, after they had companies like fox-it ordered to recover the data we wiped.
All computers from all the hospitals and city-councils had to be clean before they could be sold again on the second hand market.

So I don't care if you think that this is a load of shite.
They didn't.
It was my job for years to make sure that all data was wiped.
How many years do you have experience in wiping data?
And not just as a hobby !

Easy to say "a load of shit" but tell me what you think.
Not what you know, because I already know you don't know but just think.

I did not write a load of shit.
You didn't either, but you are a load of shit.

Do not say just "a load of shit" but tell how you think how it is, so I can prove you wrong!

 
Title: Re: 7 Pass Secure Erase?
Post by: Fallkniven on January 30, 2013, 10:21 pm
Quote
Y wll nt b bl t rd ll th dat tht as bn wpd, bu wth a ltj affr yu wi b abl t red wht data hs bn wpd.

wtf?!

lol! articulate your words man! rofl
Title: Re: 7 Pass Secure Erase?
Post by: wasta on January 30, 2013, 10:43 pm
Y wll nt b bl t rd ll th dat tht as bn wpd, bu wth a ltj affr yu wi b abl t red wht data hs bn wpd.

is what you get if you use rsa 7 times wipe for the phrase:

You will not be able to read all the data that has been wiped, but with a little afford you will be able to read what data has been wiped.

;)

LOL indeed !
Title: Re: 7 Pass Secure Erase?
Post by: Fallkniven on January 30, 2013, 11:23 pm
gotcha ;) i feel kinda stoopid now :P
Title: Re: 7 Pass Secure Erase?
Post by: astor on January 31, 2013, 12:55 am
The National Institute of Standards and Technology, the Center for Magnetic Recording Research, and the NSA seem to think that one overwrite is enough.

Quote
According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6): "[F]or ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."[17]

Quote
According to the 2006 Center for Magnetic Recording Research Tutorial on Disk Drive Data Sanitization Document: "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."

Quote
Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required.[23]

Wright, Craig; Kleiman, Dave; Sundhar R.S., Shyaam (December 2008). "Overwriting Hard Drive Data: The Great Wiping Controversy". In Sekar, R.; Pujari, Arun K. Information Systems Security: 4th International Conference, ICISS 2008. Lecture Notes in Computer Science (Springer-Verlag) 5352: 243–57. doi:10.1007/978-3-540-89862-7_21

Here's the CMRR publication: http://dkn255hz262ypmii.onion/index.php?topic=99520.msg699299#msg699299
Title: Re: 7 Pass Secure Erase?
Post by: astor on January 31, 2013, 01:03 am
Wright et al. found that they could recover a bit here and a bit there but not enough contiguous bits to salvage any useful data.

Does the NSA have some advanced technology not available to civilians? Maybe, but do you think LE will be shipping your hard drive to the NSA? They have bigger fish to fry.
Title: Re: 7 Pass Secure Erase?
Post by: summer on January 31, 2013, 05:15 pm
http://en.wikipedia.org/wiki/Bradley_Manning
Quote
Johnson said there had been two attempts to delete material from the MacBook. The operating system was re-installed in January 2010, and on or around January 31, 2010, an attempt was made to erase the hard drive by doing a "zero-fill," which involves overwriting material with zeroes.  THE MATERIAL WAS OVERWRITTEN ONLY ONCE, WHICH MEANT IT COULD BE RETRIEVED

http://www.wired.com/threatlevel/2011/12/manning-assange-laptop/
Quote
Johnson testified that he found two attempts to delete data on Manning’s laptop. Sometime in January 2010, the computer’s OS was re-installed, deleting information prior to that time. Then, on or around Jan. 31, someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. Whoever initiated the process chose an option for overwriting the data 35 times — a high-security option that results in thorough deletion — but that operation was canceled. Later, the operation was initiated again, but the person chose the option to overwrite the information only once — a much less secure and less thorough option.

ALL THE DATA THAT JOHNSON WAS ABLE TO RETRIEVE FROM UN-ALLOCATED SPACE CAME AFTER THAT OVERWRITE, HE SAID.

Title: Re: 7 Pass Secure Erase?
Post by: astor on January 31, 2013, 10:16 pm
There are two things about that.

1) NIST and CMRR recommend a random write, not a zero write.

2)

Quote
All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.

They also recommend using an offline program, meaning the host OS isn't running. DBAN is a program that you reboot the computer into, for example. If the host OS is running, then depending on the program, it may not write over the unallocated space (for example, running the command "secure-delete C:" won't write over the unallocated space). The article doesn't mention whether it was an online or offline program, but one interpretation is that he used a program running on the host OS, which only wrote over the allocated partitions/space, leaving the unallocated space untouched, even though he didn't cancel the job.

In fact, he may have done a zero fill of the empty space, which would be the least secure.
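
Added example, not part of the thread or written by any poster: the coverage question raised in the post above (a tool that only writes inside the allocated partition versus one that writes every sector) can be checked mechanically by planting a marker in every sector before the wipe and scanning for survivors afterwards, which is how a sanitization audit verifies a wipe. The in-memory image, the sector layout, the canary string and all function names are assumptions constructed for illustration.

```python
import os

SECTOR = 512
CANARY = b"PRE-WIPE-CANARY:"  # constructed marker planted before the wipe

# Constructed layout in sectors (end exclusive): one partition, then space
# that no partition covers. Both the sizes and the names are assumptions.
TOTAL_SECTORS = 100
LAYOUT = {"allocated": (0, 64), "unallocated": (64, TOTAL_SECTORS)}


def make_image(sectors=TOTAL_SECTORS):
    """Build an in-memory 'disk' whose every sector starts with the canary."""
    img = bytearray()
    for i in range(sectors):
        img += (CANARY + str(i).encode()).ljust(SECTOR, b"\xaa")
    return img


def overwrite(img, start, end, random_fill=True):
    """One overwrite pass over sectors [start, end): random data or zeroes."""
    length = (end - start) * SECTOR
    fill = os.urandom(length) if random_fill else bytes(length)
    img[start * SECTOR:end * SECTOR] = fill


def survivors_by_region(img, layout=LAYOUT):
    """Count sectors per region that still begin with the pre-wipe canary."""
    report = {}
    for name, (start, end) in layout.items():
        report[name] = sum(
            1 for i in range(start, end)
            if img[i * SECTOR:(i + 1) * SECTOR].startswith(CANARY)
        )
    return report


def wipe_partition_only():
    """Model a tool that only writes inside the partition it was pointed at."""
    img = make_image()
    overwrite(img, *LAYOUT["allocated"])
    return survivors_by_region(img)


def wipe_whole_device(random_fill=True):
    """Model an offline tool that writes every sector of the device once."""
    img = make_image()
    overwrite(img, 0, TOTAL_SECTORS, random_fill)
    return survivors_by_region(img)


if __name__ == "__main__":
    print("before wipe:     ", survivors_by_region(make_image()))
    print("partition only:  ", wipe_partition_only())
    print("whole device:    ", wipe_whole_device())
    print("whole, zero fill:", wipe_whole_device(random_fill=False))
```

In this model coverage, not pass count, decides the outcome: a single pass over every sector leaves no canary, while a pass confined to the partition leaves all 36 unallocated sectors readable.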
Title: Re: 7 Pass Secure Erase?
Post by: summer on February 01, 2013, 01:20 am
Thank you, that makes sense!
Title: Re: 7 Pass Secure Erase?
Post by: comsec on February 01, 2013, 07:38 am
This is silly.

Encrypt the entire disc with impossible 64 char password you don't ever use again
Install whatever operating system you want over top of it you've basically effectively deleted everything because nothing can be recovered
Title: Re: 7 Pass Secure Erase?
Post by: HeatFireFlame on February 01, 2013, 02:29 pm
Download a program free called datanuke, i think it may have been Dban that made it but i can't remember,
You may have to configure your bios to get it working, But have an operating system cd ready before you run it because it literally does NUKE your drive
Title: Re: 7 Pass Secure Erase?
Post by: astor on February 01, 2013, 06:47 pm
Quote
Encrypt the entire disc with impossible 64 char password you don't ever use again

I wholeheartedly agree. I've been advocating for FDE my whole time on the forum.

However, a lot of people find themselves in the situation that they have done sensitive things on an unencrypted drive and need to securely erase that evidence. I advocate (at least) one random write using an offline tool like DBAN. 2 or 3 writes is ok too, but 7, 15 or 35 writes is overkill, in my opinion and the opinion of experts like NIST and CMRR. Of course, FDE should be mandatory afterwards.
Title: Re: 7 Pass Secure Erase?
Post by: Nuggz on February 02, 2013, 12:49 am
If you use linux (like Tails)  there is a simple command you can use to overwrite your free space. I use this for flash drives but it will work on any drive. Make sure to delete unwanted files and the Recycle Bin (if there is one) first. Open terminal and navigate to a folder in the drive you wish to overwrite free space then:

To fill your free space with zeros:
cat /dev/zero > delete.this
rm delete.this

To fill your free space with random:
cat /dev/urandom > delete.this
rm delete.this

The cat command will take a while and you may get an error at the end that your disk is full, which is good.
Title: Re: 7 Pass Secure Erase?
Post by: comsec on February 02, 2013, 06:33 am
You must always encrypt, forget about deleting. Modern file systems and drives do not let you delete anything, instead they "helpfully" move files for you around because they assume you don't want to actually delete. Journaling file systems, SSDs, nand flash (your cellphone), etc.

Boot and Nuke is 1990s technology it won't do shit. Encrypt the entire drive first, then add stuff to it. If you fucked up, didn't encrypt your SSD and there's an insane amount of criminal evidence on it you use ATA Secure Erase and/or you use dcfldd http://www.forensicswiki.org/wiki/Dcfldd then you physically destroy the drive and just invest the $80 for a new one. You don't throw the drive out in your trash where feds can pick it up you walk around the city and discreetly throw the pieces away and hope nobody is following you. Or toss it off a bridge into a river (but only after deleting). Or light it on fucking fire.

The best way to learn about this, is simply pirate forensics guides. Especially smartphone guides, there's plenty of university written Android forensics .pdf books around where you can read all about the modern techniques they use.

Also keep in mind this was freakin' Bradley Manning, THE most wanted man in all of US intel agencies so sky was the limit as far as resources go to investigate his data (also, he didn't encrypt shit). For a typical drug dealing charge, cops are bound by how much money they can blow on a forensic investigation. If the drive is encrypted 99.99999% of the time they will simply stop there because it's too much money to pay some researcher at Carnegie Mellon $1,000/hr to deconstruct the drive and find information. If you're not a terrorist, Assange, Bradley Manning or whoever is running this site odds are this is never going to happen you'll just get state hick cops with a tiny budget.

According to Bruce Schneier and basically every forensics industry blog that exists the vast majority of data they analyze is not encrypted. It's only recently where people have finally figured out to encrypt their shit using high entropy passwords, basically rendering forensics useless. So the strategy now is to simply change the laws so they can jail you forever in some countries for not giving your password. Because these laws are popping up in every country lately proves they can't do sweet fuck all when presented with a properly encrypted drive.**

**unless they break into your place, and drop in bootloader rootkits. no problem because booting from encrypted root is easy now check openbsd -current softraid changes

**unless you drop OPSEC so much they don't even need your data, like jeremy hammond





Title: Re: 7 Pass Secure Erase?
Post by: summer on February 02, 2013, 12:14 pm
Quote
While the chat logs were encrypted, Johnson said that he was able to retrieve the MacBook’s login password from the hard drive and found that the same password “TWink1492!!” was also used as the encryption key.
Title: Re: 7 Pass Secure Erase?
Post by: raynardine on February 02, 2013, 07:32 pm
Quote
While the chat logs were encrypted, Johnson said that he was able to retrieve the MacBook’s login password from the hard drive and found that the same password “TWink1492!!” was also used as the encryption key.

Fail.