Discussion: Data recoverability or data security?

If you have protected your sensitive data with a password, would you want that password to be unbreakable, even by the manufacturer of the storage device, or would you want there to be a backdoor that would enable you to recover your data in the event that you forget your password? Criminals and nefarious governments, not just the good guys, would have access to the same backdoor.

My question was prompted by a discussion in a professional data recovery forum. Not surprisingly, they all voted for recoverability over security.
 
If you have protected your sensitive data with a password, would you want that password to be unbreakable, even by the manufacturer of the storage device, or would you want there to be a backdoor that would enable you to recover your data in the event that you forget your password? Criminals and nefarious governments, as well as the good guys, would have access to the same backdoor.
Forgetting the pwd is a non-issue.
Don't do that.

If it is backdoor crackable by the manufacturer or whoever, it is crackable by anyone.

3rd/4th level backup, offline and unencrypted.
Physically hidden.
 
Do the others have access to the backdoor because it's just been made publicly available? Or was it found by hackers or something? Either way, why bother with a password at all if the data can be retrieved without it, other than preventing casual non-tech people from just opening your files if they happen to sit at your computer? The question just becomes who are you trying to protect it from?

Zip, Excel and other formats have password protection, but they're easily opened without the password and it's easy to find the ways to do it. They stop casual browsers, not anybody who is deliberately trying to open your files. If you're concerned about governments and hackers, you clearly want something that is non-breakable and you simply can't lose the password.
 
The whole foundation of data recovery involves cracking the firmware to provide access to the hidden firmware modules on the platters. It's more than just passwords. Stuxnet was firmware-level malware developed by the US government. The "Equation Group" (an NSA cyber team) was exposed by Kaspersky, and their tools became widely available, not just on the dark net.

Some years ago, the Australian government legislated, or attempted to legislate, that all manufacturers of security products must implement a backdoor for the use of the government. Needless to say, Australian politicians aren't the sharpest tools in the shed.

My point is that, if your storage device is lost or stolen, nobody should be able to access your data under any circumstances. This necessarily means that you accept that your data will be unrecoverable, even by you, if you lose your password. If there are ways to circumvent your password, or access the hidden firmware modules, then it's essentially useless as a security device.
 
Absolutely!
The corollary is that those data recoveries that require firmware-level access (i.e. most physical data recoveries) would be impossible because they use the same methods as password recovery. I'm asking whether users would be prepared to make that sacrifice. The data recovery pros say no.

For example, let's say you have formatted an SMR drive, or an SSD. Both support TRIM. This means that they will return zeros for every formatted sector. In order to recover your data, you would need to gain access at the firmware level, using undocumented vendor-specific commands (VSCs), and then read each physical sector directly.
 
For example, let's say you have formatted an SMR drive, or an SSD. Both support TRIM. This means that they will return zeros for every formatted sector. In order to recover your data, you would need to gain access at the firmware level, using undocumented vendor-specific commands (VSCs), and then read each physical sector directly.
Every drive of any type should return zeroes for all formatted sectors in normal operation. With CMR drives and a quick format, the data is still in the sectors and the file table just tells the OS they're empty, but a full format would actively make them all zeroes. The same should happen initially with other drive types, before TRIM has run, though of course with an SSD there is a lot less surety of the specific desired blocks being wiped due to remapping and wear leveling and features like that.

If TRIM/garbage collection was given time to run, an SSD shouldn't even return any data at that point. It should all be physically null, erased blocks, neither 0 nor 1. (I don't know what happens with TRIM on an SMR drive. I think it preps the blocks in a similar way.) The SSD's garbage collection actively goes to each block and erases it so that the block can be quickly written the next time it's needed, rather than having to be erased in the same operation as the data is being written.

Do those vendor specific commands go as far as reporting the specific charge level in every cell, which might then allow the recovery specialist to estimate what the previous charge was before erasure, 0 or 1? I read ages ago about mechanical platters being read with electron microscopes or force microscopes or something to get the exact magnetic charge level of each bit, and that this is why military erasure requirements call for multiple passes with random data, to assure there's no way to pick up any remainders of previous data. Is an SSD controller able to report back at that level, or is it simply yes/no, above or below each threshold for indicating a bit?

Users will always choose convenience over security, unless they have specific needs, and most users just think they're not important enough to need to be extra secure. Recovery specialists obviously will say making the data unrecoverable isn't what their users want, but password/encryption security is vastly different from being able to physically recover the bits in a drive. There's no "backdoor" needed for physical recovery, just knowledge of how the device works (and lack of deliberate destruction like multi-pass wipes). Recovery of encrypted data is a software issue that is independent of the storage medium. You could encrypt your file and then engrave the 0s and 1s onto a clay tablet and then break the tablet, but reassembling it is a separate task from decrypting it.
 
A quick format is all that is required to zero-fill a TRIM-capable drive, and that happens in an instant.
But it's not actually "zero-filled". The master file table or equivalent has just been marked as empty like a mechanical drive would be. Real zero-fill requires a full format. And TRIM actually has to be forced to run to tell the controller that those blocks are available for erasure so unless that's done manually, it could be days or weeks or longer before it actually happens, depending on the OS (my Windows 10 machine still won't reliably do it on its weekly schedule). They really need to come up with a way for users to know when physical garbage collection has or hasn't run (or at least what percentage was completed) versus just the TRIM signal having been sent.
 
If a sector has been TRIM-ed, the drive can return zeros, or the actual data, or some manufacturer defined data pattern, depending on its support for RZAT (read zeros after TRIM) or DRAT (deterministic read after TRIM). Therefore, even if you are still seeing your old data after a format, the TRIM command may have been sent, but the drive hasn't yet found the time to erase the specified sectors. That's an added complication. For my Samsung 860 Evo, DRAT = 1 and RZAT = 1, but for my Crucial MX500 both are 0.
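As an added example (not from any poster in this thread), a small Python model of the behaviour discussed in this post and in the earlier TRIM/garbage-collection exchange: a decoder for the three relevant ATA IDENTIFY DEVICE capability bits (word 69 bit 14 = DRAT, bit 5 = RZAT, word 169 bit 0 = TRIM support, as defined in ACS-2) and a toy SSD showing what a read of a trimmed LBA returns before and after garbage collection runs. The 4-byte sectors, the sample IDENTIFY words and the 0xFF pattern used for the DRAT-without-RZAT case are constructed assumptions, not any real drive's firmware.

```python
from dataclasses import dataclass, field

SECTOR = 4  # toy sector size in bytes; real drives use 512 or 4096

def identify_trim_caps(words):
    """Decode the TRIM-related bits of an ATA IDENTIFY DEVICE block (256 16-bit words).
    Word 69 bit 14 = DRAT supported, bit 5 = RZAT supported; word 169 bit 0 = TRIM supported."""
    return {"trim": bool(words[169] & 1),
            "drat": bool(words[69] & (1 << 14)),
            "rzat": bool(words[69] & (1 << 5))}

@dataclass
class ModelSsd:
    drat: bool
    rzat: bool
    mapped: dict = field(default_factory=dict)   # lba -> data still physically present
    trimmed: set = field(default_factory=set)    # LBAs trimmed but not yet garbage-collected

    def write(self, lba, data):
        self.mapped[lba] = data
        self.trimmed.discard(lba)

    def trim(self, lbas):
        """Host sends DATA SET MANAGEMENT/TRIM: only marks the LBAs, erases nothing yet."""
        self.trimmed.update(l for l in lbas if l in self.mapped)

    def garbage_collect(self):
        """Background GC finally erases the flash blocks behind the trimmed LBAs."""
        for lba in self.trimmed:
            del self.mapped[lba]
        self.trimmed.clear()

    def read(self, lba):
        if lba in self.trimmed:                 # TRIM sent, block not erased yet
            if self.rzat:
                return b"\x00" * SECTOR         # drive promises zeros
            if self.drat:
                return b"\xff" * SECTOR         # fixed pattern (assumed; vendor-defined)
            return self.mapped[lba]             # no guarantee: old data can still come back
        return self.mapped.get(lba, b"\x00" * SECTOR)  # unmapped/erased reads as zeros

def sanitization_gap(drat, rzat):
    """Return (read after TRIM, read after GC) for one secret sector on a drive with these bits."""
    ssd = ModelSsd(drat=drat, rzat=rzat)
    ssd.write(7, b"SECR")                       # constructed sensitive sector
    ssd.trim([7])                               # what a quick format does for the host
    before_gc = ssd.read(7)
    ssd.garbage_collect()
    return before_gc, ssd.read(7)
```

With both bits clear the old data is still readable in the window between TRIM and garbage collection, which is why a quick format alone is not a wipe; the only reliable check is a full overwrite or a sanitize command plus a read-back.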