[clue] bizarre block size Was Related To: secure erase techniques?

Jim Ockers ockers at ockers.net
Tue May 31 09:46:05 MDT 2011 

Hi,

OK now I feel compelled to chime in. :)

Raymond DeRoo wrote:
> Folks--
>
> A few have asked me why I choose the options to dd that I provided. Since enough asked I thought a reply to the list would be in order, for those not overly interested in techno mumbo jumbo please make judicious use of your DELETE key.
>
>
> Let my start by saying there was an error in the line I provided, it should have used 383 for both values and not 387. So question still remains "why"?
>
> Depend upon your distro a default block sizing of either 512 or 1024 will used by when non is provided. Additionally most applications and file system also allocate space on byte boundaries. Remembering that the goal here is to scramble the data, and to help reduce the "magnetic ghost image", I choose a non-standard block size. So why the value of 383 specifically? Well it changes each time I need to do this, but I nearly always choose a value that is a prime number. Now the value being prime does not, in and of itself, lead to any greater amount of security, but having the data aligned on non-standard boundaries does make the work of recovery specialist all the more difficult. 
>
> To the question when not providing a block size "Is my method wrong." the answer is simply "No". It makes it a *bit* easier to recover, but nothing which I would ever loose sleep over.
>
> .r
> _______________________________________________
> clue mailing list
> clue at cluedenver.org
> http://cluedenver.org/mailman/listinfo/clue
>   

The use of a prime number block size to try to make the work of a 
recovery specialist more difficult is a curious theory and hypothesis. 
Do you have any analysis or publications which would support this claim? 
It seems a bit voodoo to me, because I think if the bits are coming from 
/dev/urandom, by the time the bits get to the device and written on the 
magnetic media they will all be more or less contiguous regardless of 
the block size or alignment or boundaries that you try to use. Unix 
block devices are treated as a sequential series of blocks, starting at 
block zero, and ending at the last block of the device. When you dd 
directly to the device, the bits will fill up the device starting at the 
first bit of block zero and ending at the last bit of the last block, I 
think.

But regardless of all that, I think you cannot be reasonably certain 
about how a modern hard disk stores data on the platter. I'd like to say 
"me three" on the recommendation to use DBAN.

The DBAN FAQ has the following additional information. Peter Gutmann has 
done a lot of thinking about security and deletion of data and I'd be 
inclined to read and understand his papers if you really want to be sure 
your data is deleted without grinding up the disks, or else just use DBAN.

http://www.dban.org/node/40

These Peter Gutmann papers are worth a read:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
http://www.cypherpunks.to/~peter/usenix01.pdf

Hope this helps,
Jim

-- 
Jim Ockers, P.Eng. (ockers at ockers.net)
Contact info: http://www.ockers.net/msi.html

More information about the clue mailing list