About | ACP | Buy | Forum | Industry Watch | Learning Curve | Search | Twitter | Xnews
Home » Learning Curve » Developers Workshop

To: Trey

Just get the machines!


Buy It

Try It

Hi,

This concerns TG directly.

We're not based in the US and have only today understood what Hillary Clinton did to her notorious mail servers: that is, and inter alia, use of something called BleachBit.

We hunted down BleachBit and have the source code. And so far we're not impressed. But first and foremost, we have to ask why and how someone can deign to implement a secure data shredder in the Python programming language.

We're not overly familiar with Python, as it's not 'low-level' enough for our liking. And to do data shredding properly, one normally needs low-level access to the file system proper. Again, we're not overly familiar with Python, but we'd find it strange to say the least if such a high-level language had access to the disk controller functions needed for the operations that disk shredding operations require.

We were the first company to offer secure shredding on Windows some 20 years ago. We were contacted by a colleague today working at Crowdstrike who told us of the deplorable state of affairs with data shredding on that platform. Our friend pointed us to one product in particular that he found rather ghastly.

The product in question offered successive passes with data overwrites, but the first two suggested passes (and the product recommended two) effectively canceled each other out, this because the software author was, to put it bluntly, a complete dork.

Given its default settings, the product did nothing to target files, and left them lost forever to the user, but eminently accessible and intact to even kindergarten-caliber forensic tools.

We were convinced, and set about writing our own utility to put balance and common sense back in the market, and were eventually chosen by Windows Magazine for a special 'Top Ten' mention in 1999.

Our takeaway from that experience was that the marketplace for data shredders, as for so many other 'snake oil' products, was populated by people who knew nothing, or less than nothing, both buyers and sellers.

We chose to implement the most grueling shredding algorithm of them all, the method proposed by Dr Peter Gutmann of Auckland, New Zealand.

Our impression, then as now, is that most programmers, many of them no more than wannabes, simply found it too difficult to understand, much less implement, the Gutmann method.

Our own utility, ShredPerfect+, went further than the 35 steps of Peter Gutmann.

http://radsoft.net/gallery/spx/

We used a total of 39 steps to further obfuscate even the fact that there'd been obfuscation.

A few years later, another product started spreading like a pestilence - Evidence Eliminator.

http://radsoft.net/software/reviews/ee/

We reacted by creating an exact duplicate of that insidious piece of software, minus all the evil stuff, concentrating on the actual data scrubbing that had been advertised.

On the very day - the very hour - we sent out our own product, called Evidence Eliminator-Eliminator, to our clients and beta-testers, we recalled it.

For there was no reason to try to duplicate such a piece of poorly designed shit. We recalled, and immediately announced that another, far better, product would take its place: the E3 Security Kit.

http://radsoft.net/gallery/e3/

The E3 Security Kit became a suite of a dozen high-power administrator tools: E3 Control Panel, E3 Wrapper, E3 InCtrl Importer, IE Cache Browser, Shortcut Cleaner, Rx Viewer, E3 Finalizer...

Response was good, in particular from a department at the Pentagon, who tested and ultimately bought their site licence for a department there.

Because of the nature of their work manufacturing '$50 toilet seats', we cannot reveal more about this group, save through secure channels and to people who demonstrably are themselves secure. Nor can we share their rather glowing letter of reference under any conditions other than the above - their letter is quite explicit in that regard. But if can you arrange security, we can of course share.

And it was at this group's behest that we added a star to the top of the E3 tree: E3 Nighttime.

http://radsoft.net/gallery/e3/07.shtml

E3 Nighttime is the end-all for agents in the field. The idea is to make sure that people who are at hotels or motels or other locations outside their normal secure areas have automated data security.

(A special request from the group, to 'blink' the lights on the bridge, was denied - with a chuckle.)

This package, together with security procedures we worked out with the group two days before the holiday break when our contact was flying to Jimmy Buffett's paradise, in a marathon 17-hour session, ensured that no one, not even by accident, could leave data in an insecure state. All computers were distributed through administration, and all system startups required network access, where the necessary data shredding routines were located. There was, quite simply, no way anyone from this 'toilet seat' department could boot a local system or acquire a laptop for travel without also having the E3 Security Kit ready to run.

The success of this Pentagon project led to them recommending our product to Verizon, who became an even bigger client.

Other clients followed, such as the German Federal Police, the Government of Western Australia, and the offices of the United States Supreme Court.

All this is said not to overwhelm with too much information, but to impress on you that we, of all people, know what we're talking about.

Data shredding fell out of vogue a few years later. Two of us also decided to migrate our work to the more secure OS X platform, where we again were first in bringing secure data shredding to market.

http://rixstep.com/4/0/spx/
http://rixstep.com/4/0/spxn/

On Peter Gutmann
----------------
Dr Peter Gutmann's quite the researcher. His paper on secure deletion became an industry standard.

http://rixstep.com/2/20030314,00.shtml

Unfortunately, and perhaps we should have expected, there were a number of lame objections to his method.

* It's too time-consuming. This is patently false. One simply has to write the code properly, as we repeatedly demonstrated. Our products are fast. They're written properly.

* It's too difficult to implement. This is never expressed outright, but we suspect this has often been an underlying factor. Seasoned engineers are OK with this, amateurs not so much.

* Hard drive technology has changed. And it is true, for it has, but recent studies show that only half of today's new hard drive technologies are capable of shredding on their own. Fallback is needed, even today.

* Peter himself has issued a caveat stating that not all 35 steps of his method are needed. But this was obvious from the beginning. His method addressed the frailties of all the existing hard drive technologies. Users are not going to know, from computer to computer, which hard drive technology they have, and the idea of having separate shredders for each drive type is not only inane and pointless but downright ridiculous. Shredding, if done correctly, does not take that long.

* One nay-sayer even claimed there was no substance to Gutmann's hypothesis that the DOD or NSA have data recovery and data shredding technologies that no one has seen, simply because they haven't been seen. This claim falls on its own foolishness.

Claims on the blog of BleachBit fall on their obtuseness. References that are cited only end up contradicting the claims of the authors of the blog article, who seem a bit desperate to prove that their own single-pass overwrite with ALL ZEROS (even though drives are analog) is good enough. Clearly there's a downside to trying to provide secure deletion tools in Python.

None of which says that Hillary's BleachBit treatment wasn't effective, only that there's a good chance it wasn't. Given the way people pass buzzwords around without actually understanding what they're talking about (all too few people actually know what they're talking about, as you may have suspected) the odds are good that, ceteris paribus, her 'deleted data' is, in fact, recoverable.

We have no further knowledge of this affair, where her servers are, or what's happened to them since last anyone inquired. But the idea, that data recovery should be dismissed simply because someone said that data got shredded by a one-pass 'all-zeroes' shredder written in Python, is woefully unproductive.

We'd be happy to answer questions and help in any way we can. Your work is greatly appreciated.

Best regards.

See Also
Radsoft: ShredPerfect+
Radsoft: The Evidence Eliminator Documents
Radsoft: E3 Security Kit
Radsoft: E3 Nighttime

Rixstep: SPX
Rixstep: SPX Nighttime
Rixstep: The Secure Delete Hoax
Rixstep: FTP: Secure Deletion of Data from Magnetic and Solid-State Memory

Usenix: Reliably Erasing Data From Flash-Based Solid State Drives

About | ACP | Buy | Forum | Industry Watch | Learning Curve | Search | Twitter | Xnews
Copyright © Rixstep. All rights reserved.