Recovering data from encrypted disks, broken CD's

leichter_jerrold at emc.com leichter_jerrold at emc.com
Fri Jul 28 10:16:23 EDT 2006 

>From a Computerworld blog.
 							--Jerry


When encryption doesn't work

By Robert L. Mitchell on Wed, 07/26/2006 - 12:00pm

In my interview with Ontrack Data Recovery this week (see
Recovery specialists bring data back from the dead:

http://www.computerworld.com/action/article.do?command=printArticleBasic&art
icleId=112460),

quite a bit hit the cutting room floor, including these three nuggets by
Mike Burmeister, director of engineering for data recovery:

Encrption can be broken
I was surprised to learn that Ontrack regularly recovers encrypted data
on systems where the user has lost the key. "There's only a couple of
technologies where we would run into a roadblock [such as] some of the
new laptops that have passwords that are tied to the media and to the
BIOS," says Burmeister. That raises the question: if they can do it, who
else can?

On encrypted systems that are more difficult to crack, OnTrack also has
a secret weapon. "Certain situations involve getting permission to get
help from the manufacturer," he says.

Broken CDs still yield data
Ontrack can also reassemble and recover data from CD-ROM discs that have
been broken into pieces. If you're using CDs for backups of sensitive
data, it's probably best to shred them.

Tapes work. People fail
Among the tape problems Ontrack sees most often are those related to
human errors, such as accidentally erased or formatted tapes.

"Formatting the wrong tapes is the most common [problem] by far.  The
other one is they back up over a tape that has information on it.  The
general thing is they back up the wrong data. We'll get the tape in and
they'll say, 'The data I thought was on this tape is not on it.'"

While those failures can be attributed to confusion, another failure is
the result of just plain laziness. "People run these backup processes
and they're not simple anymore. They run these large, complex tape
libraries and they call that good enough. They don't actually go through
the process of verifying [the tape]," Burmeister says. The result:
disaster strikes twice: once when the primary storage goes down and
again when the restore fails.

For more on how the technical challenge of recovery have raised the
stakes and what you can do to protect your data, see the story above.

Filed under : Security | Software | Storage
Robert L. Mitchell's blog



James Earl wrote:

It's really too bad that ComputerWorld deems to edit these
explainations. Especially when you consider its all ELECTRONIC paper.

Posted on Thu, 07/27/2006 - 4:12pm| reply

Security Skeptic wrote:

CDs (and DVDs) are very effective targets for recovery, because they
have massive error correction and the data is self-identifying because
of the embedded sector IDs. It's quite possible to recover a CD that has
been shredded, not just broken.

A few years ago, there was academic research describing automated
reassembly of shredded documents by scanning the bits and matching the
rough edges of along the cuts. I'm sure that technology has improved,
too.

The moral of the story is that physical destruction is hard. Grinding to
powder and heating past the Curie point are pretty reliable, but short
of that, it's tough. You're better off encrypting, as long as the key
actually is secret.

Posted on Thu, 07/27/2006 - 4:44pm| reply

Security Skeptic wrote:

Computer BIOS passwords: easy to recover by resetting or other direct
access to CMOS. You can do this at home.

Disk drive media passwords: hard to recover, but possible by direct
access to flash memory on the drive. This is tough to do at home, but
probably a breeze for OnTrack.

Disk drive built-in hardware encryption (which as far as I know is only
a Seagate feature so far) should be essentially impossible to recover,
unless Seagate has built in a back door, has fumbled the implementation,
or the password is simple enough to guess. Same is true for software-
based full-disk encryption: it can be invulnerable in the absence of
errors. Use it properly, and you'll never have to worry about your data
if the computer is lost or stolen.

Posted on Thu, 07/27/2006 - 4:54pm| reply

Iain Wilkinson wrote:

Surely it's far more common to use the BIOS to prevent a hard drive
being mounted in another device that to encrypt it.

As one of the other commentators says, the BIOS is pretty easy to get
into if you know what you are doing. Basing an encryption system on this
would inherit all its weaknesses.

Posted on Fri, 07/28/2006 - 7:53am| reply

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list