[Cryptography] Magnetic media destruction question
Henry Baker
hbaker1 at pipeline.com
Wed Jan 7 16:29:04 EST 2026
-----Original Message-----
From: Christian Huitema <huitema at huitema.net>
Sent: Jan 7, 2026 1:03 PM
To: Peter Gutmann <pgut001 at cs.auckland.ac.nz>, cryptography at metzdowd.com <cryptography at metzdowd.com>
Subject: Re: [Cryptography] Magnetic media destruction question
On 1/7/2026 8:36 AM, Peter Gutmann via cryptography wrote:
> Asking on behalf of a third party: It appears that customers of media
> destruction companies have started asking for shredding beyond the maximum
> levels specified in standards like DIN 66399, which is both difficult and
> expensive to achieve (additional processing stages, higher energy consumption,
> increased wear on equipment, etc). Does anyone know what's driving this, is
> it just the usual numerology approach to security? It's hard to see how
> anyone would be able to identify which of the million pieces of confetti in a
> tub of shredded media are worth looking at let alone be able to recover
> anything from the one piece of confetti they've picked out, which would
> indicate it's been driven by numerology rather than actual threat analysis.
>
> Are there any security standards that mandate beyond-DIN 66399 T-7 shredding?
> And what threat modelling is being done that would imply someone can recover
> data off a piece of confetti buried in among a million others?
It is certainly possible to put back together shredded documents from the confetti. The Islamic revolutionaries did just that in 1979. See for example https://en.wikisource.org/wiki/Portal:Documents_seized_from_the_U.S._Embassy_in_Tehran. The top banner of that site says "A large number of documents, some already shredded , were seized by Iranian Islamists during their 1979 occupation of the U.S. Embassy in Tehran . They were pieced together and made public". I suppose that modern spies would take pictures of the confetti and feed that to a big computer instead of doing it manually.
The plausible defense is "shred then burn". As an individual, shred the documents, put the confetti in a pail, throw a match.
-- Christian Huitema
---
The Germans have been painstakingly reconstituting Stasi documents:
https://time.com/archive/6907085/piecing-together-germanys-shredded-stasi-files/
Piecing Together Germany’s Shredded Stasi Files
Claudia Himmelreich / Berlin April 21, 2010 12:00 AM EDT
More information about the cryptography
mailing list