[svlug] 2 part Linux question

Scott Hess scott at doubleu.com
Fri Jul 11 20:38:41 PDT 2003


On Thu, 10 Jul 2003, Sanatan Rai wrote:
> : ??? Wouldn't this be _substantially_ worse than pseudo-random data?  If
> : all of this stuff really works, then you should be able to model _exactly_
> : how each bit on the disk was impacted.  Even if you don't know the
> : sequence, you could probably derive the character runs, at which point you
> : could automagically factor their impact out.
> 
> 	What I am trying to capture is the following idea: it is better to
> add a known signal that is difficult to remove than to add a random or
> constant signal that can effectively be filtered out.

I guess I don't understand what that gets you.  You don't want to add a
derivable signal, because an attacker could use it to model the impact
very precisely.  A cryptographically secure pseudo-random signal is a
known signal (you can precisely repeat it at will), but would be
impossible to derive.  So I think that's a great improvement over anything
that might repeat or that the attacker may be able to forecast after some
analysis.

That said, as the various papers indicate, it's very important to use
patterns appropriate to the technology in question.  The best signal would
be one that maximizes the scrambling of the magnetic patterns.  I doubt
either Dante's Inferno _or_ an ad hoc pseudo-random stream of bytes
manages this!  Better to use one of the pre-packaged programs that are out
there, which try to write patterns applicable to most technology.  Even
then, this is probably something that really needs to be in firmware to be
truly successful (so that the patterns can be precisely tuned to the disk
geometry).

I guess I see there being four broad classes of erasure that make sense:

 o Reformat or delete.
 o Zero or randomize the drive.
 o Use a specialized scrub program.
 o Physically destroy the drive.

I don't think a good case can be made for an additional class between
writing random data to the drive and scrubbing it.  It's like adding 9's
to uptime.  Simple reformat is 90% effective, randomize is 99.999%, scrub
is 99.999999%, and physically destroying the drive is probably not
worthwhile to protect data for most individuals.  [Yes, I just made those
numbers up.  I figure there are maybe a couple dozen groups who could
overcome a randomized drive, and maybe 2 or 3 groups who could overcome a
scrubbed drive.]

Later,
scott
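
[Added example, not part of the original message: the property discussed above, an overwrite stream that can be repeated exactly with the key but not derived without it, used to overwrite a constructed scratch file and then confirm the pass by regenerating the stream. HMAC-SHA256 in counter mode is an assumed choice of generator, and all function names are hypothetical.]

```python
import hashlib
import hmac
import os
import tempfile

# Added illustration; HMAC-SHA256 in counter mode is an assumed generator choice.
BLOCK = 32  # SHA-256 output size in bytes

def keystream(key: bytes, length: int, offset: int = 0) -> bytes:
    """Keyed stream: repeatable with the key, unpredictable without it."""
    first, last = offset // BLOCK, (offset + length + BLOCK - 1) // BLOCK
    out = b"".join(
        hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        for ctr in range(first, last)
    )
    start = offset - first * BLOCK
    return out[start:start + length]

def overwrite(path: str, key: bytes, chunk: int = 1 << 16) -> int:
    """Overwrite the file in place with the keyed stream; return bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for off in range(0, size, chunk):
            f.write(keystream(key, min(chunk, size - off), off))
        f.flush()
        os.fsync(f.fileno())  # push the data past the page cache
    return size

def verify(path: str, key: bytes, chunk: int = 1 << 16) -> bool:
    """Regenerate the stream from the key and compare it with what is on disk."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        for off in range(0, size, chunk):
            n = min(chunk, size - off)
            if not hmac.compare_digest(f.read(n), keystream(key, n, off)):
                return False
    return True

def demo() -> tuple:
    """Constructed scratch file: overwrite, then verify with right and wrong key."""
    key = os.urandom(32)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample data " * 5000)
    try:
        n = overwrite(tmp.name, key)
        return n, verify(tmp.name, key), verify(tmp.name, os.urandom(32))
    finally:
        os.unlink(tmp.name)
```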




