Mr Bean wrote: Nope, sorry, doesn't work. They can scan the hard drive with an electron microscope. Besides, random data is better, since you can amplify the residual signals from the HD. Of course all this costs tens to hundreds of thousands of dollars. Besides you don't have time to do this if they break into your house. Oh and instead of only nuking the HDD, nuke the entire computer for extra protection. I think AES encryption with large keys is secure enough though.
I see.... So you're telling me on the off chance the RIAA gets an electron scanning microscope and then compares a couple million bits together, heck in a few weeks they might find a fully intact song!
Remember they can't take 4/5s of a song and sue me for it. They must find all those pretty music files first before they can sue me (and considering the necessary analysis time on an ES microscope, that's a three to five month job...)
They probably don't even need the ES microscope, if the HDD is merely zeroed rather than written with random data, they can just analyze the signals coming off the HDD heads and amplify it. That is why random data is best. Do that repeatedly while the hard drive is cold booted and again after it has been running for a while to make sure you get everything.
Also, remember that zeroing the HDD takes time, in case they break into your house. Destroying a floppy with the encryption key is fast- a CDR is faster. Microwave the CD for about 3 seconds or rip apart the floppy and burn the media. (Does dipping a floppy in water and microwaving work too?) This isn't too secure though, but useful if you do not have prior warning, and do not want to attach thermite to the HDD.
From
http://www.sans.org/rr/incident/deletion.php
Securely Deleting Files
It has been established that deleted files can be recovered. Is it possible to delete a file (and its associated files, temporary, spooler, etc.) so that it cannot be recovered? There are rumors that government agencies have the capabilities to recover data that has been overwritten as many as 21 times. From a corporate perspective, an individual will have to determine the value of his data and determine the steps that can be considered "reasonable and practical" to prevent proprietary data from being stolen or recovered by competitors or groups intent on corporate espionage. The main premise for preventing data from being recovered is to overwrite it. The question becomes how many times should it be overwritten? There are individuals that believe that overwriting data only one time is sufficient to prevent the recovery of deleted files. However, the more the data is overwritten, the less likely it becomes recoverable by any means. For a drive currently in use, it is necessary to overwrite slack space and unallocated space. There are a variety of tools available to perform this task (some of which will be described later). These tools use one of three overwrite methods:
Single Pass – data area is overwritten once with either 1’s, 0’s or pseudorandom data
DoD Method – the data area is overwritten with 0’s, then 1’s and then once with pseudorandom data. Many tools use variations of this, overwriting as many as seven times, using three alternating passes of 0’s and 1’s followed by one pass of pseudorandom data. This is based on standards outlined in the Department of Defense Manual 5220.22 M, also known as the National Industrial Security Program Operating Manual or NISPOM. This manual outlines the steps to both "clear" and "sanitize" a "rigid non-removable disk". To clear a disk it states that you must "overwrite all addressable locations with a single character." To "sanitize" a disk you must do one of the following:
* Degauss with a Type I degausser (degaussing exposes the drive to an electromagnetic field)
* Degauss with a Type II degausser
* Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.
* Destroy - Disintegrate, incinerate, pulverize, shred, or smelt.2
Gutmann Method – the data area is overwritten 35 times. This method uses pseudorandom data to overwrite the drive and overwrites the drive taking into account the different encoding algorithms used by various hard drive manufacturers, RLL (run length limited), MFM (modified frequency modulation), PRML (partial-response, maximum-likelihood). This method of overwriting data was created by Peter Gutmann, and is described in his paper, "Secure Deletion of Data from Magnetic and Solid State Memory."
It is important to note that the consensus is that overwriting the data only reduces the likelihood of data being recovered. The more times data is overwritten, the more expensive and time consuming it becomes to recover the data. In fact Peter Gutmann states "…it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written."3 Overwritten data can be recovered using magnetic force microscopy, which deals with imaging magnetization patterns on the platters of the hard disk. The actual details of how this is accomplished are beyond the scope of this paper.
Here's a program for wiping:
http://www.tolvanen.com/eraser/
Of course you are right Mr. Bean, the RIAA isn't going to spend thousands and thousands of dollars when they can get someone else to make an example of. Still, paranoia is good.
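
The "character, its complement, then a random character and verify" sequence quoted above from the SANS paper, as an added example that is not part of the original posts, the SANS paper or the Eraser tool. It assumes a single regular file on a filesystem that rewrites blocks in place; slack space, journals, copy-on-write filesystems and SSD wear-levelling are not covered, and the names `sanitize_file` and `demo` are hypothetical.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write/read granularity (assumption, not from the page)

def _fill(f, size, byte):
    """Overwrite the whole file in place with one repeated byte value."""
    f.seek(0)
    block = bytes([byte]) * CHUNK
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        f.write(block[:n])
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # ask the OS to push this pass to the device

def _verify(f, size, byte):
    """Read back and confirm every byte matches (may be served from cache)."""
    f.seek(0)
    remaining = size
    while remaining > 0:
        data = f.read(min(CHUNK, remaining))
        if not data or data.count(byte) != len(data):
            return False
        remaining -= len(data)
    return True

def sanitize_file(path, char=0x00):
    """Three passes: char, its complement, a random char; verify each pass.
    Returns a list of (byte_written, verified) tuples, one per pass."""
    size = os.path.getsize(path)
    rand = secrets.randbelow(256)
    results = []
    with open(path, "r+b") as f:
        for byte in (char, char ^ 0xFF, rand):
            _fill(f, size, byte)
            results.append((byte, _verify(f, size, byte)))
    return results

def demo():
    """Run the passes over a constructed sample file; return results and bytes."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"CONSTRUCTED-SAMPLE-DATA " * 10000)  # constructed input
        path = tmp.name
    try:
        results = sanitize_file(path)
        with open(path, "rb") as f:
            return results, f.read()
    finally:
        os.remove(path)
```

A pass that fails verification shows up as `False` in the returned list, which is the cue to fall back to one of the other listed options (degauss or destroy) rather than trust the overwrite.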