the most effective privacy software?

I once read a proof of concept that alleged that data can be recovered past three wipes (DoD short) using specialized magnetic microscopes. On the other hand, this is worth giving a read:

http://16systems.com/zero/index.html

essentially it says that it is impossible to recover data from a hard drive that is over written with 0s using the unix dd command. Here is a quote from a professional data recovery business in regards to recovering data erased with 0's using the dd command on a hard drive:

I believe that ANYONE would have a great deal of difficulty recovering data from a hard drive wiped with 8 passes of random data, although it might be possible with in the realms of the NSA.

 

Well, I reckon most of Wilder's members are average joes when it comes to shady activities, so this discussion is of a rather academic nature - though it's still interesting and not without importance.

The HD:s of the cold war days weren't what they are today, and it's hard to believe there's technology that's commercially unavailable outside of Hollywood movies (hadron colliders, proton bombs and similar contraptions excluded, of course). After all, the elements of hardware technology are more or less in the public domain, and as for the software approach, well, there's a host of brilliant programmers and hackers out there. I understand HD manufacturers use very sophisticated stuff for quality checks in pure lab situations, but as far as I know that's as advanced as it gets, and they claim to be unable to recover anything but odd bits. Everything I can find on the web about this topic seems to be speculations and allegations, sometimes based on seemingly sound reasoning, sometimes not. So I'd still love to see a stringently documented real life case of recovering meaningful data from an overwritten HDD.

I doubt it, for the reasons given above. On the other hand, that "zero challenge" thing doesn't look very convincing if you study it closely.

 

I think NSA has technology outside of the public realm. For example, AES is listed in their suite B cryptology protocols. Suite A is classified, and is for use with things of more importance than suite B.

 

NSA Suite B Keylength Recommendations

 

I said the same, just that I belive the probability of success is low.

Good thing you told me, so I won't bother trying to convince you. It would be a waste of my time.

Did you have any proof to support all of the above affirmations?

 

I found it odd that Rijndael was named AES instead of Serpent, despite Serpent being superior from a security perspective. NSA seems to want everyone to use AES, and what spy agency worth their weight is going to suggest people use an algorithm they can't crack?

A 128 bit symmetric key has at most 64 bits of security against a quantum computer. A 256 bit key has at most 128 bits.

 

quantum computers are good at cracking some symmetric crypto in theory. I don't think it works very well against elliptic curve cryptography though.

 

Actually quantum computers are quite efficient at breaking elliptic curve cryptography, and all public key systems. Symmetric algorithms stand up much better, but still have a maximum bit strength of 1/2 what they would against a 'classic' computer.

Public key systems should be used for key distribution and nothing more, at least in the ideal security system. Alice writes a message to Bob and encrypts it with serpent-256, then encrypts the passphrase to Bob using his public elliptic curve based key. Bob decrypts the asymmetric message using his private key, and uses the decrypted passphrase to decrypt alices message. When Bob responds to alice, he uses a 512 bit hash of the original passphrase so he doesn't need to send another key to alice (bob could also use a hash + the hash of that hash + the hash of that hash together, as long as alice knows the protocol as well). Bob then does a secure 7 pass wipe on the asymmetrical message (as does alice). They then communicate only with symmetric encryption, using a new hash of the old passphrase each time, and securely wiping the old hash between messages. That way, the window of opportunity is one message (the original key transfer). With out that message being intercepted and compromised, a quantum computer will still have trouble to break a 256 bit symmetric cipher (actual bit strength a maximum of 128 bits against a quantum computer). Using a 512 bit symmetric key would actually be better, with a maximum security of 256 bits against a quantum computer.

That is the ideal communication system. Signatures would be done with elliptic curve systems as well, and contained with in the symmetric encryption.

Elliptic curve pke is far superior to traditional pke though, I believe a 512 bit elliptic curve key has the security of a traditional (rsa, for example) key of over ten thousand bits.

 

I'm no cryptographic pro, but I would like to learn more. Are there any papers on qubits vs. crypto algos?

 

http://en.wikipedia.org/wiki/Quantum_computer

read under potential.

 

I tried the Sweepi program on my son's computer.I disabled the firewall and antivirus before running.It seemed to run very slow compared to Ccleaner.I did have this program installed about a year ago and deleted it.Did anybody else find it slow running XP Home?

 

Whats the platters storage capacity?

surely after so many over writes it would get to a point where the original data would have to cease to exist?

 

Just a few thoughts about using erasing software with system encryption, or whole disk/full disk encryption (pick your name).

I think it completely defeats the purpose of having the entire system encrypted, and here's why.

A computer fully encrypted with a strong passphrase is the last defense. The Fort Knox of computer privacy. To go further and say you need to use a wiping utility as well just in case they get through your strong encryption is basically starting back at square one and a system with no encryption. I mean, really, where does it end? It's like having the strongest safe possible and then saying, but in case they get into my safe I'm going to put another safe inside my safe. See? That goes on without end. You have the little novelty boxes of a box inside a box inside a box inside three or four more boxes. At some point you must have a completely "clean" system and lock it down. Erasers at that point do no good and also, by the way, precludes the use of keeping private documents in the encrypted disk. If you're having to erase the deleted files (within the encrypted disk) then obviously you couldn't have private documents not erased. So what do you do with them?

Everyone has their own personal protocol for computer security and privacy and I understand that. But, at some point when it comes to privacy, you have to feel content with your safety measures. You could encrypt the entire disk, erase the deleted files, keep documents in another encryption container and then lock the computer in a safe which you then put in another safe. You then take that safe and put it in something and bury it. You then cover the area of burial with a shed and put a trap door to access the box so you can get to the safe which has the other safe which has your encrypted laptop which has the erasing programs and second encryption utility, and on and on that kind of thing could go.

I don't know if I'm making my point here, but seriously, erasing the deleted files on a highly secure encrypted computer just makes no sense to me. If it does to you, then that's fine. But you then should consider the other layers. For me, a computer with full system encryption is the Fort Knox. Going beyond that "just in case" opens up a whole new level of "what ifs" that can never settle your mind and allow you to feel secure.

Did any of that make sense?

 

привет, сибиряк!

 

But sometimes people encrypt systems that had sensitive information on them before. I am not sure, but I think if you have sensitive files on your machine when you encrypt it, it is just like doing a single pass wipe with random data. A forensic team could theoretically find the the decrypted file the same way they find a file that has been over written once. If you wipe with a secure algorithm prior to encryption, it will protect against this.

 

what language is this? can we have a translation?

 

It looks Russian but I don't know what it means.

 

The information wouldn't be found within the system encryption itself because you have encrypted every single sector. It wouldn't be just recovering a file, they would have to somehow get beneath the encryption to attempt any kind of recovery. Now, it's different with encrypting containers, or even partitions. That's where the proper use of encryption products come into play. For example, you never want to use the "Quick Format" option when creating a Truecrypt container for the reason you mentioned. There are times when it would be ok to do this, but I think it's safer here to just say never use the Quick Format, and similar options with other products, and you'll be safe with the result of the encryption (provided you've done everything else correctly such as strong and secure passphrases and so forth). But the question at hand about erasers inside a fully encrypted system serves no purpose except for "what if" scenarios and there's no end to those.

 

well I Guess using erasers on a fully encrypted disk does provide an xtra layer of security.

After all you just don't know for sure what back door encryption keys have been handed over to the authorities by encryption programmers.

 

It's russian and I think it means "Hello siberian"

 

They could possibly get beneath the encryption with a magnetic microscope is the thing. Thats why when you do full drive encryption with truecrypt it lets you do secure wipes first. I agree using an eraser INSIDE an encrypted drive is pointless, but it is a risk to encrypt a drive with sensitive information already on it unless you do some sort of a wipe first.

 

Google is your friend! other than that this has become an endless conversation into Theories and Opinions, yes their are facts stated in many posts, but the real truth about the majority of the Encryption and data recovery subjects we seek lies in the hands of the government officials who hold this classified Information which is not released to the public!

This is just how I feel, our right is to believe whatever suites us the best, my conversation in this thread is now over!

 

I have been becoming increasingly weary of Eraser, and the new requirement of the bloated .NET 3.5 for version 6. I have used BCWipe in the past, and like it a lot. How effective would that be, compared to something like R-Wipe?

 

You know by having to layers of encryption would be the ULTIMATE security setup.

Encrypt your hard disks with PGP. The inside your PGP encrypted hard disks create encrypted volumes using True Crypt.

 

Is this something we know or something we just think? Are the advances in technology made in the last thirty years and employed in major research labs - "masses" as you call them - in fact thirty years behind? If so, I'm impressed by governments' ability to keep all that knowledge secret. I wonder where and how they get it. It must be some kind of permanent global Manhattan project.

Lots of sense, really, though it doesn't quite suit my personal current MO (computer running close to 24/7 and me being off to work five days a week). I confess that I worry a lot more about mass surveillance of communications.

If you throw in Free Compusec for good measure you'd have three lines of defense, but against whom? By the way, if I were a CIA agent, I'd reckon that the cheapest and quickest way to get the info I want would be a traditional brute force attack on the culprit himself, so I'd outsource him to some country that provides such services.