[Cryptography] Ex-CIA Joshua Schulte Describes His Data/Crypto Hiding Prowess

The Doctor [412/724/301/703/415/510] drwho at virtadpt.net
Wed Mar 4 13:13:38 EST 2020 

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, March 4, 2020 3:52 AM, Jerry Leichter <leichter at lrw.com> wrote:

> 1.  "Solid state storage devices ... Power Removal: Sanitize DRAM (dynamic random-access memory), SRAM (static random-access memory), and Volatile FPGA by removing the power, including backup batteries. Once power is removed, sanitization is instantaneous."
>
>     Apparently some of the reported efforts at recovering RAM state are not considered meaningful threats.

Doesn't seem like it.  Physical access beats everything, though, so maybe guards, et al are implicitly
assumed to counter these threats.

> 2.  Smart cards: "Strip Shredding: A strip shredder with a maximum width of 2 millimeters will destroy the microchip, barcode, magnetic strip and written information on the Smart Card. Smart Cards must be inserted diagonally into the strip shredder at a 45-degree angle for proper sanitization.
>     NOTE: A CROSS CUT SHREDDER WILL NOT SANITIZE SMART CARDS."

Weird!  I would think that a crosscut shredder would bust up the fragments of the embedded chip in addition to
slicing it into pieces.

>     I don't recall any published information about recovering information from damaged cards. Clearly the NSA has done some work here. Note that cross-cut shredders are acceptable for diskettes and optical media.

Nor do I.  It hasn't been anything anyone I know has been working on, either.  Might make an interesting summer project.

>     Also worth noting that the NSA still mainly insists on physical destruction of hard disks. (An NSA-approved - likely very high powered - degausser is sufficient but even then they recommend physically damaging the disks themselves.)

Drive shredder.  There are some pretty nifty ones that can turn something as big as an old MFM or RLL hard drive
into glitter.  About ten years ago, the security company I worked for had one; we used to joke that it was for
interns as well as hard drives because it did such a good job.

The Doctor [412/724/301/703/415/510]
PGP (new, Protonmail): 4d7d 5c94  fa44 a235
WWW: https://drwho.virtadpt.net/
The old world is dying, and the new world struggles to be born. Now is the time of monsters.

More information about the cryptography mailing list