Nature of Gutmann Lite

General discussion about data forensics.

Moderators: Eraser DevTeam, Eraser Moderators

Nature of Gutmann Lite

Postby randomdata » Fri May 14, 2010 5:51 am

Hello!

I just grabbed the latest Eraser and noticed the 'Gutmann Lite' listed as a new erasure method... but I can't find any information as to what lite entails.

Is this the Gutmann concepts only applied to modern harddrive types?

I remember reading about Gutmann saying that 35 is overkill on modern drives since they only use like 5 encoding methods these days.

Any information appreciated!
randomdata
 
Posts: 1
Joined: Fri May 14, 2010 5:45 am

Re: Nature of Gutmann Lite

Postby DavidHB » Fri May 14, 2010 11:51 am

I moved the post into this forum, because there is a great deal of relevant information here, produced by people who know a lot more about the subject than I do.

Curiously, neither Gutmann nor Gutmann Lite are described in the Eraser manual, perhaps because they are not formally recognised standards. The difference, AFAIK, is that the original method makes 35 passes, whereas the Lite method makes only 10.

Even 10 passes may be overkill. You will find on this forum links to documents that state that, with more modern (high density) disk technology at least, a single pass is sufficient to put data beyond practicable recovery. For my purposes, I am happy to use the 3pass HMG method for erasing files and folders and the default single pass for erasing free space (anything else takes too long).

David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
DavidHB
Eraser Wizard
 
Posts: 2166
Joined: Sat Jan 23, 2010 8:10 pm
Location: Isle of Wight, UK

GOST P50739-95

Postby forensics » Sun Aug 22, 2010 4:51 pm

Hi!

Your software allows users to overwrite data using "GOST P50739-95" method, but GOST R 50739-95 (correct name of the document) does not have any requirements on number of passes and types of data to use for wiping (in other words, GOST R 50739-95 wiping method does not exist, it's a myth).

A method consisting of two passes with random data is defined by GTK Management Directive, not by the state standart.

See also:
http://www.forensicswiki.org/wiki/Talk: ... _Standards
forensics
 
Posts: 1
Joined: Sun Aug 22, 2010 4:33 pm

Re: GOST P50739-95

Postby DavidHB » Sun Aug 22, 2010 5:36 pm

I'll leave Joel to comment on the substance of this message, but I'm moving the topic to Eraser Programming, as this is not a support query.

David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
DavidHB
Eraser Wizard
 
Posts: 2166
Joined: Sat Jan 23, 2010 8:10 pm
Location: Isle of Wight, UK

Re: GOST P50739-95

Postby Joel » Mon Aug 30, 2010 7:21 am

Thanks for the input. Let me check.
Be sure to read the FAQ before posting. If you found this application useful, please contribute to Eraser's development.

I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
User avatar
Joel
Eraser DevTeam
 
Posts: 3688
Joined: Sat Aug 19, 2006 12:16 am
Location: Singapore

Re: Nature of Gutmann Lite

Postby jackjack » Thu Sep 02, 2010 7:51 am

DavidHB wrote:Curiously, neither Gutmann nor Gutmann Lite are described in the Eraser manual, perhaps because they are not formally recognised standards. The difference, AFAIK, is that the original method makes 35 passes, whereas the Lite method makes only 10.


I'd be very interested in finding out more about the so called Gutmann Lite method. As far as I can see is is not a method that Gutmann him self came up with it just looks like someone is piggybacking on the name.

Typically there are two ways of implementing the Gutmann method, the 35 pass we all know and *love* ( :P ) and then the rarely if ever used method, sans random passes.

As was pointed out back in May, there is nothing documented and this does not appear to have changed. Can we get details of the wipe pattern for each of these 10 passes and why they were chosen?
jackjack
 
Posts: 295
Joined: Tue May 16, 2006 11:58 am

Re: Nature of Gutmann Lite

Postby DavidHB » Thu Sep 02, 2010 9:00 am

At an (educated) guess, the full Gutmann method will be that described his 1996 paper, discussed in this Wikipedia entry. That is certainly true of Eraser 5.

The 10-pass 'Lite' method will presumably use a representative subset of the methods uses in the full 35 pass method. Both are, for reasons given by Gutmann himself, almost certainly overkill. Gutmann makes it clear that the reasons often given for favouring the method he described are, pretty much, spurious. In those circumstances he would not wish the method to become a formal standard.

David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
DavidHB
Eraser Wizard
 
Posts: 2166
Joined: Sat Jan 23, 2010 8:10 pm
Location: Isle of Wight, UK

Re: Nature of Gutmann Lite

Postby jackjack » Thu Sep 02, 2010 10:24 am

DavidHB wrote:At an (educated) guess, the full Gutmann method will be that described his 1996 paper, discussed in this Wikipedia entry. That is certainly true of Eraser 5.

The 10-pass 'Lite' method will presumably use a representative subset of the methods uses in the full 35 pass method. Both are, for reasons given by Gutmann himself, almost certainly overkill. Gutmann makes it clear that the reasons often given for favouring the method he described are, pretty much, spurious. In those circumstances he would not wish the method to become a formal standard.


David, you could have just said you don't know instead of linking to the exact same page I did... ;) I am well aware of the ins and outs of the Gutmann 35 pass method and whether it is or isn't worthwhile (read my post history if needs be).

Unless I am missing something, the paper makes no mention of it, only 35 (22 leaving of random and dup passes) version. From a lackadaisical search of the interwebs the only other place that mentions it is in this sample Shredder.cs, of which the last two passes differing to the one implemented in Eraser.

I was really hoping for something explaining where this supposed 10 pass Gutmann method came from and why it was chosen to be included, not the age old "Gutmann is overkill" answer that gets given these days (and which I have said many times in the past).
jackjack
 
Posts: 295
Joined: Tue May 16, 2006 11:58 am

Re: Nature of Gutmann Lite

Postby DavidHB » Thu Sep 02, 2010 1:12 pm

jackjack wrote:David, you could have just said you don't know instead of linking to the exact same page I did... ;)

Oops, sorry. Another senior moment ... :oops:

jackjack wrote:I was really hoping for something explaining where this supposed 10 pass Gutmann method came from and why it was chosen to be included

When Joel gets back from his busy life to post on the forum, he will be able to explain. What he has said is that Gutmann is the default method of file erasing because he feels that is what many users expect, and the overhead for file erasing on modern machines is not that great. Actually, I disagree with the latter point, because it its clear from support queries on the forum that some people do try to erase very large amounts of file/folder data at one go, and in that case the erasing method chosen will make a big difference. I don't know where the Gutmann Lite idea came from; the point I was making was that, as it has no formal status, I am not all that bothered.

Underlying all this (and I suppose more important than the 'overkill' point) is the fact that recent research, such as it is, indicates that the erasing method chosen is considerably less important than we once thought. If the best information we have suggests that a single pass is as effective as anything else, I might use, say, a three pass method (to allow for some element of doubt), but feel that ten passes is too much. In those circumstances, I respect but do not altogether share your interest in where particular methods came from.

David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
DavidHB
Eraser Wizard
 
Posts: 2166
Joined: Sat Jan 23, 2010 8:10 pm
Location: Isle of Wight, UK

Re: Nature of Gutmann Lite

Postby Joel » Sun Sep 05, 2010 7:28 am

I believe that Gutmann Lite came from a submission somewhere (which I can no longer remember -- this was quite a while back during Overwriter's time) and I do agree with your analysis that there are few references, if any, to that scheme. Perhaps it would be more beneficial to remove it as there are no official documents to support that as an erasure method (granted: I should have done my homework instead of implementing blindly!)
Be sure to read the FAQ before posting. If you found this application useful, please contribute to Eraser's development.

I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
User avatar
Joel
Eraser DevTeam
 
Posts: 3688
Joined: Sat Aug 19, 2006 12:16 am
Location: Singapore

Re: Nature of Gutmann Lite

Postby DavidHB » Sun Sep 05, 2010 11:20 am

Joel wrote: Perhaps it would be more beneficial to remove it as there are no official documents to support that as an erasure method

If it was in Eraser 5, I think users would expect it to be in Eraser 6. Perhaps what is needed, as jackjack is sensibly suggesting, is appropriate references to both Gutmann and Gutmann Lite in the Appendix to the manual, so that users know the origins and contents of these methods, and can make up their own minds.

David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
DavidHB
Eraser Wizard
 
Posts: 2166
Joined: Sat Jan 23, 2010 8:10 pm
Location: Isle of Wight, UK

Re: Nature of Gutmann Lite

Postby jackjack » Thu Sep 09, 2010 8:37 am

joel wrote:Perhaps it would be more beneficial to remove it as there are no official documents to support that as an erasure method (granted: I should have done my homework instead of implementing blindly!)


I would be inclined to suggest dumping Gutmann Lite altogether or at the very least renaming it as its name is a bit of a misnomer.

There is no evidence what so ever that Gutmann him self came up with it, that I can see. The only thing I can find that ties it to the 35pass Gutmann method is it happens to share a couple of the same patterns. I'll also mention what I said above, of the two implementations that called them selves "Gutmann Lite" they both differed on the last two passes.

As it is there's probably more than enough choices for the average user

DavidHB wrote:If it was in Eraser 5, I think users would expect it to be in Eraser 6. Perhaps what is needed, as jackjack is sensibly suggesting, is appropriate references to both Gutmann and Gutmann Lite in the Appendix to the manual, so that users know the origins and contents of these methods, and can make up their own minds.


Gutmann Lite was not, to the best of my knowledge (two weeks is a long time), in Eraser 5 last time I used it. I was not suggesting anything really, I was asking a question.

If you want a suggestion, if more methods are going to be added, I would be inclined to focus on those that are documented as required by various agencies* such as the various British, Russian, German, US ones already included in Eraser. This way you give such agencies a valid reason to use the software.

Saying that, I'd not spend too much time what is already there is perfectly adequate (well maybe a null pass option by default in eraser would be handy, it really helps with compression of disk images).

DavidHB wrote:Underlying all this (and I suppose more important than the 'overkill' point) is the fact that recent research, such as it is, indicates that the erasing method chosen is considerably less important than we once thought. If the best information we have suggests that a single pass is as effective as anything else, I might use, say, a three pass method (to allow for some element of doubt), but feel that ten passes is too much. In those circumstances, I respect but do not altogether share your interest in where particular methods came from.
David


I appreciate what you say, and as I've said I'm very much a proponent of a 1 pass is enough. The problem is I asked a question about the who, what, why, when, where of a particular method and you just went into auto pilot, ignored the question for all intents and purposes and regurgitate the old "one pass is enough line". If we can't ask mildly technical question or discuss an intrinsic part of eraser on the forum what is the point of having it, you may as well just dump all but the support section :)

* I have it in the back of my mind that I posted a list of various Govt required methods to the forum a while back so I'll can see if I find it.
jackjack
 
Posts: 295
Joined: Tue May 16, 2006 11:58 am

Re: Nature of Gutmann Lite

Postby DavidHB » Thu Sep 09, 2010 3:29 pm

jackjack wrote:I would be inclined to suggest dumping Gutmann Lite altogether or at the very least renaming it as its name is a bit of a misnomer ... There is no evidence what so ever that Gutmann him self came up with it, that I can see.

Fair point.

jackjack wrote:
DavidHB wrote:Underlying all this (and I suppose more important than the 'overkill' point) is the fact that recent research, such as it is, indicates that the erasing method chosen is considerably less important than we once thought. If the best information we have suggests that a single pass is as effective as anything else, I might use, say, a three pass method (to allow for some element of doubt), but feel that ten passes is too much. In those circumstances, I respect but do not altogether share your interest in where particular methods came from.
David


I appreciate what you say, and as I've said I'm very much a proponent of a 1 pass is enough. The problem is I asked a question about the who, what, why, when, where of a particular method and you just went into auto pilot, ignored the question for all intents and purposes and regurgitate the old "one pass is enough line". If we can't ask mildly technical question or discuss an intrinsic part of eraser on the forum what is the point of having it, you may as well just dump all but the support section :)

No, not autopilot, but an honest recognition, for the benefit of all users of the forum, that people more expert than I have reported research results which come to a particular conclusion, and that (so far as I have been able to discover) no one has as yet reported any contrary conclusion. The words 'such as it is' were meant to refer to the facts that:
  • there is not a lot of published research;
  • there is always a possibility that there are people out there who know how to defeat erasures, but do not wish to advertise the fact.
Of course I do not mean to rubbish your query; that would be foolish as well as discourteous. At the same time, it is surely legitimate to seek to put a particular issue in context; the shadow of the Gutmann method (despite Gutmann's own forthrightly expressed views) still seems to be quite long.

David
I am not an Eraser programmer, but a long-time user; my views may not be the same as those of the Eraser programming team.
Before posting, please read the top 4 topics in the Eraser FAQ, which already provide many of the answers users need.
DavidHB
Eraser Wizard
 
Posts: 2166
Joined: Sat Jan 23, 2010 8:10 pm
Location: Isle of Wight, UK

Re: Nature of Gutmann Lite

Postby Joel » Fri Sep 10, 2010 2:45 am

Alright, please do create a ticket in Trac to remind me (I see jackjack's been busy submitting tickets) as I will be tied up for... quite a while. Things have been getting rather out of hand lately.
Be sure to read the FAQ before posting. If you found this application useful, please contribute to Eraser's development.

I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
User avatar
Joel
Eraser DevTeam
 
Posts: 3688
Joined: Sat Aug 19, 2006 12:16 am
Location: Singapore

Re: Nature of Gutmann Lite

Postby Joel » Fri Sep 10, 2010 11:24 pm

I've merged a similar post on another erasure method. I will remove both predefined ones at the same time.
Be sure to read the FAQ before posting. If you found this application useful, please contribute to Eraser's development.

I develop Eraser but I am not an employee of Heidi Computers Ltd. My views do not represent those of Heidi Computers Ltd.
Don't PM or Email me questions: they won't be answered any faster than on the forum and knowledge won't be accessible by all.
User avatar
Joel
Eraser DevTeam
 
Posts: 3688
Joined: Sat Aug 19, 2006 12:16 am
Location: Singapore


Return to Data Forensics

Who is online

Users browsing this forum: No registered users and 0 guests

cron