[Cryptography] Ex-CIA Joshua Schulte Describes His Data/Crypto Hiding Prowess

Jon Callas jon at callas.org
Tue Mar 3 17:51:20 EST 2020 


> On Mar 3, 2020, at 1:54 PM, Dave Horsfall <dave at horsfall.org> wrote:
> 
> 
> Seriously, I know someone in the data recovery business; he can handle just about anything short of physical destruction.  He does a roaring trade; at one time $BOSS had need of such a service (I think a backup tape was accidentally overwritten or something) and so I recommended him to the satisfaction of all parties[*].  And no, I did not get a spotter's fee...
> 
> Mind you, it pretty much comes down to "how much is your data worth to you?"....

[...]

> [*]
> In a nutshell, the magnetic domains are not aligned all at once when overwritten; with highly sensitive read amplifiers and appropriate signal processing you can dig down layer by layer as it were and recover from multiple overwrites.

Dave,

You're conflating a wide number of things here.

Some of them are things over time. For example, there are things that were true a long time ago (e.g. most of the things people will tell you about disks were true in the 1980s. The typical thing one hears is absolutely true about RLL disks, which were the way things were done in the late 1980s and not at all today). For example, disks in years past recorded their magnetic domains digitally (by which I mean they were recording ones and zeroes) horizontally, but now they're recorded vertically using analog recording -- yeah, these days, it's closer to a modem. Today, there's no such thing as "layer by layer" on these media. Some of them are true for some types of media (like tape) but not about disks (and let's not get started about flash, which is a whole other complex set of things entirely). 

Some of them are true about recovery of deleted data and not true about truly overwritten data (many times people think they overwrote the data, they didn't), and really, really not true about a disk where someone has opened up the drive and done something as simple as removing the platter(s) from the spindle.

Modern considerations are very complex because modern drives write data so tightly that it's hard to read it back in a lot of cases. This leads the vendors to do a lot of things that both leave recoverable data all over the place and make recovery very hard. And of course, if some cryptography is thrown into the mix (like some form of full disk encryption) it gets even more complex. 

It's all so complex that I could write several thousand words on the subject and actionable advice would still make one's head hurt. If you go to Scott Moulton's site, <http://myharddrivedied.com>, he's got a 21 page white paper, 90 pages on rotating media, and 100 pages on SSDs. They're all worth reading and I have learned lots from him over the years.

Anyway, categorical statements have enough caveats on them that they can quickly go from reasonable to not-even-wrong in the space of a glib clause in a sentence.

	Jon

More information about the cryptography mailing list