[sci.crypt] Erasing magnetic media

mdr@reed.UUCP (Mike Rutenberg) (10/28/87)

I remember seeing a file of constants on a VMS system that said that
it conformed to some federal standards for erasing data on disks.
Namely, you had to write over the data you wanted to destroy with
something like:
	10101...
	01010...
	00000...
	11111...

Does anyone know about this standard?  Any idea of the technical issues
that were addressed during the creation of the standard?

Please send me mail as this isn't exactly crypto stuff - More of system
security.

Mike
-- 
	Reed College -- Portland, Oregon -- 503/775-7003 (before 9am)

Kenneth_R_Jongsma@cup.portal.com (10/30/87)

Others may be interested.... The actual requirement is that the media
be written with at least 100 alternating 1/0 bits. i.e 11111 00000 11111,
etc...  Some media cannot be declassified. If memory serves, the old (still
in use in the Minuteman system) core memory had to be destroyed.

ag@crash.CTS.COM (Keith Gabryelski) (11/02/87)

In article <1175@cup.portal.com> Kenneth_R_Jongsma@cup.portal.com writes:
>Others may be interested.... The actual requirement is that the media
>be written with at least 100 alternating 1/0 bits. i.e 11111 00000 11111,
>etc...  Some media cannot be declassified. If memory serves, the old (still
>in use in the Minuteman system) core memory had to be destroyed.

I am interested in 'Why' 100 alternate 1/0 writes will not declassify some
media.  It seems to me that after 5 or so random 1/0 writes the original
data would be so far gone that retrieval by any means is impossible.

Enlighten me.

--Keith

-- 
ARPA: crash!ag@nosc.mil                                 INET: ag@crash.CTS.COM
            UUCP: {cbosgd, hplabs!hp-sdd, sdcsvax, nosc}!crash!ag

3ksnn64@pur-ee.UUCP (Joe Cychosz) (11/02/87)

In article <1175@cup.portal.com> Kenneth_R_Jongsma@cup.portal.com writes:
>Others may be interested.... The actual requirement is that the media
>be written with at least 100 alternating 1/0 bits. i.e 11111 00000 11111,
>etc...  Some media cannot be declassified. If memory serves, the old (still
>in use in the Minuteman system) core memory had to be destroyed.


I believe that once a media has been used for classified data, it can not
be re-used for unclassified data.  To dispose of, it must be destroyed.
It is quite easy (given the proper equipment) to recover information that
has been written over several times.

lc@pbhyd.UUCP (Larry Colton) (11/03/87)

In article <6964@pur-ee.UUCP> 3ksnn64@pur-ee.UUCP (Joe Cychosz) writes:
>It is quite easy (given the proper equipment) to recover information that
>has been written over several times.

Could you enlighten us with the details?  There is great commercial
potential in being able to recover files that have been accidentally 
overwritten.

---
Larry Colton                      {ihnp4,pyramid,qantel}!ptsfa!pbhyd!lc
Pacific * Bell                                                San Diego

3ksnn64@pur-ee.UUCP (Joe Cychosz) (11/04/87)

In article <1945@crash.CTS.COM> ag@crash.CTS.COM (Keith Gabryelski) writes:

>I am interested in 'Why' 100 alternate 1/0 writes will not declassify some
>media.  It seems to me that after 5 or so random 1/0 writes the original
>data would be so far gone that retrieval by any means is impossible.
>
>Enlighten me.
>

Small signal analysis can be used to recover "each layer" of data written.

mitch@stride1.UUCP (Thomas P. Mitchell) (11/04/87)

In article <1029@pbhyd.UUCP> lc@pbhyd.UUCP (Larry Colton) writes:
>In article <6964@pur-ee.UUCP> 3ksnn64@pur-ee.UUCP (Joe Cychosz) writes:
>>It is quite easy (given the proper equipment) to recover information that
>>has been written over several times.
>
>Could you enlighten us with the details?  There is great commercial
>potential in being able to recover files that have been accidentally 
>overwritten.

There tend to be small differences between the signal levels as
a result of the previous data.  A 1 which overwrites a 1 is
commonly a small amount stronger than if the previous data was a
0.  Careful signal analysis can attempt to remove the obvious
data by subtraction. The result is the previous data.  If the
data is valuable enough the effort is worth it.  Also there is
some information on the edge of the track that is effectively
unchanged because of the minor alignment differences from one
write to the next.  Using heads of slightly different sizes and
alignments can increase the signal to noise (data) ratios.  In
any case the last data is obvious which greatly simplifies its
removal from the signal.

In general the above is smoke. Although I have been told that
some companies do provide a service recovering data from various
types of media.  The real security problem is if ANYTHING is
permitted out of the room.  How do you detect someone
removing/trashing a tape or disk-pack that has been erased with
encrypted (their code) data or written/erased with reduced
current to the heads? It might look ok but out goes national
security.  When I was in school someone picked up some surplus
(USAF) 1/2 inch tapes which we were going to split for audio use.
We hung them on the CDC and they were not all blank.  Since it
was the very late 60's we were surprised, but not surprised that
nothing made sense.

In fact on many installations the dump and trash bin is one of
the most securely guarded and managed areas.

I do not know of any service companies by name that recover data
but contact someone at a Big Blue/Bank data processing center for
pointers.  If you cannot get in try a suit and a job application.
Brush up on COBOL RPG and such, big well run DP shops are worth a
visit.  The key words are "well run", not Big or Blue.

Thanks for the soap



Thomas P. Mitchell (mitch@stride1.Stride.COM)
Phone:	(702) 322-6868 TWX:	910-395-6073
MicroSage Computer Systems Inc. a Division of Stride Micro.
Opinions expressed are probably mine. 

john@frog.UUCP (John Woods, Software) (11/05/87)

In article <6964@pur-ee.UUCP>, 3ksnn64@pur-ee.UUCP (Joe Cychosz) writes:
> In article <1175@cup.portal.com> Kenneth_R_Jongsma@cup.portal.com writes:
> >Others may be interested.... The actual requirement is that the media
> >be written with at least 100 alternating 1/0 bits. i.e 11111 00000 11111,
> >etc...  Some media cannot be declassified. If memory serves, the old (still
> >in use in the Minuteman system) core memory had to be destroyed.
> I believe that once a media has been used for classified data, it can not
> be re-used for unclassified data.  To dispose of, it must be destroyed.
> It is quite easy (given the proper equipment) to recover information that
> has been written over several times.

At the Concourse Computer Center at MIT, most of our tapes were used tapes.
Many of these had little stickers saying "SECRET", which had been blotted out
with a magic marker.  Presumably, there are ways to PREVENT the recovery of
information that has been on the tape.

--
John Woods, Charles River Data Systems, Framingham MA, (617) 626-1101
...!decvax!frog!john, ...!mit-eddie!jfw, jfw@eddie.mit.edu

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
		-- Johnny Hart

3ksnn64@pur-ee.UUCP (11/05/87)

In article <1029@pbhyd.UUCP> lc@pbhyd.UUCP (Larry Colton) writes:
>>It is quite easy (given the proper equipment) to recover information that
>>has been written over several times.
>
>Could you enlighten us with the details?  There is great commercial
>potential in being able to recover files that have been accidentally 
>overwritten.
>

There is a residual of the original data still present.  Small signal
analysis can be used to recover the original data.  Obviously the more
times the tape is written over, the harder it is to recover the intended
data.

tjr@ihnet.ATT.COM (Tom Roberts) (11/06/87)

> Why won't writing many 1's/0's to a media declassify it?

Two reasons:
	1) on many media (e.g. floppy disks), mechanical alignment is
	   necessary; writing over and over still doesn't GUARANTEE that
	   the entire width of the track was covered with the re-writes.
	   Someone very clever could come along with a very narrow read
	   head and read "between" the tracks, and find some thin region on
	   the media where the original data was written, but the over-writes
	   weren't.
	2) most magnetic systems (e.g. floppy disks) are designed with write
	   field strengths that put the media into the non-linear region of
	   the magnetic susceptibility curve. Over-writing does not GUARANTEE
	   that the original data was not further up the hysteresis curve than
	   the over-write. Someone very clever could come along with a fancy
	   read amplifier, and read the original data, even in the presence of
	   the over-written data "noise".

Tom Roberts
ihnp4!ihnet!tjr

dlm@cuuxb.ATT.COM (Dennis L. Mumaugh) (11/06/87)

In article <1945@crash.CTS.COM> ag@crash.CTS.COM (Keith Gabryelski) writes:
>In article <1175@cup.portal.com> Kenneth_R_Jongsma@cup.portal.com writes:
>>Others may be interested.... The actual requirement is that the media
>>be written with at least 100 alternating 1/0 bits. i.e 11111 00000 11111,
>>etc...  Some media cannot be declassified. If memory serves, the old (still
>>in use in the Minuteman system) core memory had to be destroyed.
>
>I am interested in 'Why' 100 alternate 1/0 writes will not declassify some
>media.  It seems to me that after 5 or so random 1/0 writes the original
>data would be so far gone that retrieval by any means is impossible.
>
>Enlighten me.
>
Having a modest part in the original decisions that led up to
the policy I will attempt to answer .....

Way back when, our group had a problem with computers that ran
classified programs (and with classified data).  What to do with
the defective memory which in those days were magnetic core
based.

Certain studies said [ deleted ] ....

So the final policy was that if one overwrote the data with 100
cycles of ones and zeros (alternating) any data would be so buried
in the random molecular noise that ....  This was for magnetic
cores.  Similar behavior was approved for tapes using VERY strong
degaussing methods.

But then someone asked the question: "That means I could mail
the tape to the Russian Embassy, then?" And the powers that be
looked pale.  So, the compromise was reached: treat it as
unclassified but don't EVER let it leave safe handling.

The effect was to allow it to be handled administratively
unclassified and stored that way.

But when sending a tape out of the "compound" one must certify
that the tape has NEVER had any classified data on it.  Hence our
penchant for sacrificing virgins [tape that is] to the computer.

Disks are a different story as the write heads tend to splatter.
Also only certain tape degaussers are approved.

BTW:  I once did send someone a tape and they were VERY
disappointed that it wasn't used, with interesting goodies
following the two tape marks.
-- 
=Dennis L. Mumaugh
 Lisle, IL       ...!{ihnp4,cbosgd,lll-crg}!cuuxb!dlm

john@hpcvla.HP.COM (John Eaton) (11/06/87)

/ hpcvla:sci.crypt / john@frog.UUCP (John Woods, Software) /  2:33 pm  Nov  4, 1987 /
In article <6964@pur-ee.UUCP>, 3ksnn64@pur-ee.UUCP (Joe Cychosz) writes:
> In article <1175@cup.portal.com> Kenneth_R_Jongsma@cup.portal.com writes:
> >Others may be interested.... The actual requirement is that the media
> >be written with at least 100 alternating 1/0 bits. i.e 11111 00000 11111,
> >etc...  Some media cannot be declassified. If memory serves, the old (still
> >in use in the Minuteman system) core memory had to be destroyed.
> I believe that once a media has been used for classified data, it can not
> be re-used for unclassified data.  To dispose of, it must be destroyed.
> It is quite easy (given the proper equipment) to recover information that
> has been written over several times.

At the Concourse Computer Center at MIT, most of our tapes were used tapes.
Many of these had little stickers saying "SECRET", which had been blotted out
with a magic marker.  Presumably, there are ways to PREVENT the recovery of
information that has been on the tape.

--
John Woods, Charles River Data Systems, Framingham MA, (617) 626-1101
...!decvax!frog!john, ...!mit-eddie!jfw, jfw@eddie.mit.edu

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
		-- Johnny Hart
----------

leonard@bucket.UUCP (Leonard Erickson) (11/07/87)

I seem to recall that heating a magnetic material above its Curie point
will _totally_ randomize the fields. If so, the next question is "is the
Curie point for a floppy (or tape) high enough to damage the media?"

If the answer is no, then I can see the labels now...
	"to declassify, place media in 350 degree oven for two hours"
:-) :-)
-- 
Leonard Erickson		...!tektronix!reed!percival!bucket!leonard
CIS: [70465,203]
"I used to be a hacker. Now I'm a 'microcomputer specialist'.
You know... I'd rather be a hacker."

gwyn@brl-smoke.ARPA (Doug Gwyn ) (11/08/87)

Aargh!  There is not just one definite regulation covering this.
AR380-380 is the Army's main Regulation covering computer security,
but there are other documents too, some classified and some not.
Generally disk packs, magtapes, MOS memory, etc. used for routine
SECRET data storage can be overwritten a sufficient number of times
with alternating patterns; otherwise the media can be "degaussed",
although it may mean sending your media via authorized courier to
some place with appropriate facilities.  Some categories of
information (e.g. SI) are considered too sensitive to take any
avoidable risk, and for them the pattern overwriting method is
unlikely to be authorized.

The only safe thing to do is to consult your local ADP security
office.  If they don't know the regs, it's their job to find out.
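
[Added example, not part of any post in this thread.] A sketch of the
pattern overwriting that Mike Rutenberg's VMS constants (10101..., 01010...,
00000..., 11111...) and Doug Gwyn's "alternating patterns" refer to, applied
to a single file with a read-back check after each pass. The function names
and the byte values 0xAA/0x55/0x00/0xFF are this example's own reading of
those patterns, and it assumes the filesystem rewrites the file's blocks in
place; it covers only the logical overwrite, not the track-edge or
hysteresis residue discussed elsewhere in the thread.

```python
import os

# The four passes from the VMS constants file quoted in the thread:
# 10101..., 01010..., 00000..., 11111... (byte values are an assumption).
PATTERNS = (0xAA, 0x55, 0x00, 0xFF)
CHUNK = 64 * 1024


def _write_pass(fd, size, byte):
    """Fill the first `size` bytes of fd with `byte`, then flush to the device."""
    os.lseek(fd, 0, os.SEEK_SET)
    block = bytes([byte]) * CHUNK
    remaining = size
    while remaining > 0:
        n = os.write(fd, block[:min(CHUNK, remaining)])
        remaining -= n
    os.fsync(fd)


def _verify_pass(fd, size, byte):
    """Read the file back and confirm every byte equals `byte`."""
    # The read may be served from the OS cache, so this catches logical
    # errors (short writes, wrong length), not a failing write head.
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data.count(byte) != len(data):
            return False
        remaining -= len(data)
    return True


def overwrite_in_place(path, patterns=PATTERNS, cycles=1):
    """Overwrite `path` with each pattern in turn, `cycles` times.

    The file keeps its length. Returns the number of verified passes and
    raises IOError if a read-back does not match the pattern just written.
    """
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.fstat(fd).st_size
        passes = 0
        for _ in range(cycles):
            for byte in patterns:
                _write_pass(fd, size, byte)
                if not _verify_pass(fd, size, byte):
                    raise IOError("read-back mismatch on pattern 0x%02X" % byte)
                passes += 1
        return passes
    finally:
        os.close(fd)
```

Calling overwrite_in_place(path, cycles=25) gives 100 passes in total, the
figure quoted in the thread.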

robert@uop.EDU (Robert McCaul--The Equalizer) (11/08/87)

ok, a dumb question here...

why don't you just use a bulk eraser like for audio tape, and nuke
the disk?? then reformat it and go on??

(this would seem to work for tape and floppy media, although a hard
drive might need the addition of a nuke switch and its own magnet)

well??

jmm@thoth8.berkeley.edu.BERKELEY.EDU (11/09/87)

Seems like the method of choice for making sure the data will never be
read again is a flamethrower |-)...

My point is that it seems like destroying the things would be better
than any erasing method.  Or do I have a very bad idea of how much tape
costs?

James Moore
..!ucbvax!leggatt!jmm

	Ocus ni rabe isin bith ni dognethe
	n-eret sin leu acht cluchi
	ocus cheti ocus anius ocus aibinnius
	ocus longad ocus tomailt, conid de sin
	atat na trenae samna sechnon na hErend."
	     -as an sceal _Seirgligi Con Culaind inso sis ocus oenet Emire_ 

hildum@iris.ucdavis.edu (Eric Hildum) (11/10/87)

I believe that the Curie point for most commonly used media is 200
Celsius - which should be hot enough to destroy the mylar of tapes or
floppies. As for hard disks, once it is no longer magnetic, you will
have a hard time writing new data onto it, won't you?

						Eric

leonard@bucket.UUCP (11/12/87)

In article <456@ucdavis.ucdavis.edu> hildum@iris.UUCP (Eric Hildum) writes:
<
<I believe that the Curie point for most commonly used media is 200
<Celsius - which should be hot enough to destroy the mylar of tapes or
<floppies. As for hard disks, once it is no longer magnetic, you will
<have a hard time writing new data onto it, won't you?
<
<						Eric

I'm not so sure that that is high enough for damage but it is probably
too close. I _do_ know that there is a high speed tape duplication system
that heats the media past the Curie point and then cools it in "contact"
with the media to be duplicated. As the media cools it will _easily_
align its domains with any applied field.

As for hard disk media, the material becomes magnetizable after it is cooled.

-- 
Leonard Erickson		...!tektronix!reed!percival!bucket!leonard
CIS: [70465,203]
"I used to be a hacker. Now I'm a 'microcomputer specialist'.
You know... I'd rather be a hacker."

cdl@mplvax.nosc.MIL (Carl Lowenstein) (11/12/87)

In article <456@ucdavis.ucdavis.edu> hildum@iris.UUCP (Eric Hildum) writes:

+I believe that the Curie point for most commonly used media is 200
+Celsius - which should be hot enough to destroy the mylar of tapes or
+floppies. As for hard disks, once it is no longer magnetic, you will
+have a hard time writing new data onto it, won't you?

Cool it!!


-- 
	carl lowenstein		marine physical lab	u.c. san diego
	{ihnp4|decvax|dcdwest|ucbvax}	!sdcsvax!mplvax!cdl

hildum@iris.UUCP (11/12/87)

Oops - 

I guess it has been too long since I looked at magnetic memory devices.
gamma Fe2O3 converts to alpha Fe2O3 at a temperature of 400C; which I
was remembering as the Curie point for some strange reason.  Actually,
the idea of heating the recording media to erase it might work for
CrO2 which has a Curie point of 120C.

				Eric

mangler@cit-vax.UUCP (11/17/87)

Heating a disk pack past its Curie temperature will erase the
factory-recorded timing information on the servo tracks, which
the drive depends on to mark track and byte boundaries.
(Low-density disks like floppies don't have servo tracks).

Heating a whole Winchester drive past the Curie temperature
will demagnetize the permanent magnet in the head actuator.

Don't heat a hard disk unless you're going to incinerate it.

Don Speck   speck@vlsi.caltech.edu  {amdahl,scgvaxd}!cit-vax!speck