[Cryptography] Ex-CIA Joshua Schulte Describes His Data/Crypto Hiding Prowess

Jon Callas jon at callas.org
Wed Mar 4 17:27:52 EST 2020 

> On Mar 4, 2020, at 3:52 AM, Jerry Leichter <leichter at lrw.com> wrote:
> 
> Also worth noting that the NSA still mainly insists on physical destruction of hard disks.  (An NSA-approved - likely very high powered - degausser is sufficient but even then they recommend physically damaging the disks themselves.)
> 

For their purposes, I think it's a reasonable thing. However, it's reasonable more from a human-compliance issue than anything actual. Data destruction has two parts. The first is destroying the data; the second is convincing yourself and others that you destroyed the data. A bag full of metal shards is pretty convincing.

Modern disk drives become completely inoperable when you degauss them. The write heads don't have enough magnetic flux to be able to reapply the basic media format, so when you degauss it you've effectively destroyed the disk. The heads literally can't write the media. There is also no good way to re-format the platters because you'd to disassemble the drive, use powerful enough heads to format, which also need to match the read heads you have.

It's not uncommon for manufacturing runs to make changes for some reason to internal components. A challenge for data recovery is that often one needs a donor drive for components that is part of the same manufacturing run. (Anecdote: I made a large NAS server not that long ago, and talked to Scott Moulton for some advice and he recommended buying an extra spindle to keep on a shelf. The reasons are both that if/when you need a replacement you have one right there, as well as having a suitable donor should you need that.)

Nonetheless, imagine that I have two drives, one that has been degaussed and one has not. The only way for us to tell which is which is to hook it up to some system and try to use it. "Are you sure you fried it?" is a question that is hard to answer with degaussing, but if I shredded the degaussed drive, a reasonable person could tell it from the one that still has data on it.

	Jon

More information about the cryptography mailing list