Overwriting Hard Drive Data: The Great Wiping Controversy (2008) [pdf] (vidarholen.net)
32 points by Tomte 19 days ago | 40 comments

1) Just a funny fact, the Craig Wright who's first author on this paper is that Craig Wright.

2) This is a good paper on the situation, but as I've mentioned before tends to miss the point. The data remanence concern today is usually non-volatile caches and remapped sections of the media which are not documented or accessible to the host. This problem is best known for SSDs but very much exists on modern platter drives as well. No number of host-based overwrites will reliably overwrite these even once, and the manufacturers do not document or disclose the behavior.

Would that mean that, hypothetically, a bad actor could convince the manufacturer to place sensitive data about you in inaccessible parts of the disk? So short of destroying it completely, a computer (especially one where permanent storage is soldered in) could be assumed to contain anything that was stored on it even once?

Well, when the government becomes very interested in hoarding old electronics and registering every facility able to destroy them, we should become suspicious.

I would be very relieved to be proven paranoid.

You don't even need a bad actor, the drive will do that on its own. Malicious firmware only needs to be invoked if the attacker wants to be SURE that the preserved data 'just happened' to cover e.g. your crypto keys.

Do you mean a type of spinning disk that also has flash memory for caching? I thought spinning disks normally used volatile memory for the cache?

No, platter drives usually don't have nonvolatile cache although it's hard to say for sure. Enterprise drives are more likely to. The bigger issue with spinning drives is that they move data around the platters in ways not disclosed by the manufacturers, including both optimizations (writing near heads) and error corrections like ending use of problematic parts of the platter. These all leave bits of data in "non-addressable" parts of the platter.

Ah, that's interesting. I wonder how hard it'd be to find these areas of the disk, I wonder if the location of them is stored in some kind of non volatile memory, so the disk can easily find them.

And the Dave Kleiman who is second author on this paper is that Dave Kleiman, the one who most likely invented bitcoin.

Wright has claimed to be Satoshi Nakamoto but has proven himself to be a liar on this topic; by his actions he clearly believes that Kleiman controlled the Satoshi bitcoin fortune before his untimely death.

Dave Kleiman had absolutely nothing to do with the creation of Bitcoin.

Prior to his death Kleiman was IT support staff for a small county sheriff's department in Florida. He has no relevant expertise -- e.g. the only evidence of Kleiman ever writing any program ever was a simple visual basic script to automate checking the windows registry for forensic information. Literally the only thing remotely suggesting any connection is documents from Wright which are provably forged and created after Dave's death.

[Wright's forgeries tend to be extremely bad: Stuff like changing the year in emails but not fixing the day of the week and misspelling Dave's name -- in emails supposedly from Dave. Accidentally producing unmodified originals, citing laws that didn't exist until years later, using software versions that didn't exist until years later, referencing URLs on his own domain names that he didn't register until years later, accidentally producing "dave"'s private keys in discovery ... but they're also extremely numerous, so it's easy to get smothered under the total mass of them.]

Wright invoked his former friend in his scheme posthumously to solve a specific logistical problem: Wright himself can't program (certainly not in C/C++). So in his forgeries he included someone who couldn't contradict his stories so that Wright could beg off his inability to answer questions as "Dave did that part". Fortunately for Wright, it turned out that none of the eligible victims asked any hard questions. Unfortunately for Wright, Dave's family came after him for their share of the fortune Wright claimed they created together. Fortunately for Wright, Dave didn't actually help him (because neither had early involvement in Bitcoin). Unfortunately for Wright, all the easily proved forgeries in the case with the estate end up making it look like Wright is covering up the involvement to hide what he owes. Wright's frogurt is cursed, but also doesn't exist. (So that's good?)

Kleiman isn't the only deceased person that Wright involuntarily enlisted into his con-- Wright has also claimed that he was aided by Gareth Williams (some MI6 spy that was in the news at the time Wright started spinning this yarn) and David Rees -- an older academic who was disabled and unresponsive in a care home at the time Wright claimed to have been working with him.

The Satoshi Nakamoto emails were compromised in 2013 & available on the dark web & that was when the Faketoshi saga took form. Too bad these are the elements we all have to deal with years later.

Bitcoin was formed in C then translated to C++. Too bad for Crack that he has only begun to realize that Satoshi Nakamoto is a group with wide reach and several people.

Isn't that one of many plagiarized papers by someone who made cosplaying the dead and the alive (Dave Kleiman, David Rees, Deborah Kobza, Satoshi Nakamoto, Tim May, to name a few), lying and creating forgeries a fulltime job? Whose latest con is a massive neverending Nigerian prince advance fee scam on Calvin Ayre, now ending in a totally corrupt and bankrupt Bitcoin affinity fraud that is failing by all serious metrics? The man who is called a liar and a fraud by 7 judges on 3 continents, who is now involved in numerous lawsuits in which his counsel ONTIER has no shame to reuse Faketoshi lies and forgeries that have been called out by ATO and court Florida already?

What a shame there are still people who give this con man the benefit of the doubt. He doesn't deserve it:


Arthur von Pelt, another obsessed anti Craig personality….

Arthur wakes up and goes to bed thinking about Craig…..

It’s almost like Arthur is giving Craig the benefit of the doubt

Not that long ago, Arthur was put in place by Renowned Cryptographer Iain Grigg when Arthur asked the question if Craig ever actually stated anything about Bitcoin that wasn’t already known.

Iain then had to educate Arthur about how Craig indeed explained things about Bitcoin that even Iain didn’t know at the time.

Things like the double hash for instance, funnily enough after Craig explained the double hash it was subsequently altered in the BTC wiki.

Yes ladies and gentlemen this is the kind of folks we are dealing with here….

> Arthur von Pelt, another obsessed anti Craig personality

Being angry about an obvious fraud who lobs obviously baseless $6 billion dollar lawsuits against retirees who were once volunteer Bitcoin developers isn't obsession, it's humanity.

> Things like the double hash for instance, funnily enough after Craig explained the double hash it was subsequently altered in the BTC wiki.

Actual history: Some random person wrote on the BitcoinWiki on some obscure page that sha256(sha256(x)) might be used in bitcoin to improve security against collisions. A few years later this claim was noticed and removed with a link to a 2011 post on Bitcointalk that pointed out that any collision on H(x) is also a collision on H(H(x)). The text on the wiki was just incorrect, the author was likely confusing collision and preimage security or at least really unclear in their writing-- that's just one of the risks of public wikis.

Wright started running around repeating this point someone else made on BCT in 2011, pretending to have come up with it himself, and suggesting that knowing about this thing (which was obvious and common understanding long before Bitcoin existed) was somehow evidence of him being Bitcoin's creator. Craig didn't "explain" anything that wasn't already explained in detail within the Bitcoin community before Craig ever heard of Bitcoin, and known outside of the Bitcoin community long before Bitcoin existed.

Going back to 2011 people have given many explanations as to why the use of sha256(sha256()) in Bitcoin had potential advantages, in some corner cases.

Wright hasn't added a single thing to that discussion, and some of his attempts to do so have just been flat out incorrect. For example, for a while he was claiming that it was done that way so that parties could give miners transactions to mine without disclosing the transaction to them (a really bad idea), but that works just as well if sha256() is used.
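The point in the comment above, that any collision on H(x) is also a collision on H(H(x)), can be checked directly. This is an added example, not part of the thread: it truncates SHA-256 to 24 bits (an assumption, so that a birthday search finishes in a few thousand tries), and the function names are illustrative.

```python
import hashlib
from itertools import count

TRUNC_BYTES = 3  # assumption: 24-bit toy digest so collisions are cheap to find


def h(data: bytes) -> bytes:
    """Toy hash H: SHA-256 truncated to TRUNC_BYTES."""
    return hashlib.sha256(data).digest()[:TRUNC_BYTES]


def hh(data: bytes) -> bytes:
    """H(H(x)), mirroring the sha256(sha256(x)) construction."""
    return h(h(data))


def find_collision(hash_fn):
    """Birthday search over constructed messages msg-1, msg-2, ...

    Returns (first_input, second_input, tries) for the first pair of
    distinct inputs whose hash_fn outputs are equal.
    """
    seen = {}
    for tries in count(1):
        msg = b"msg-%d" % tries
        digest = hash_fn(msg)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def demo():
    a, b, tries_single = find_collision(h)
    c, d, tries_double = find_collision(hh)
    return {
        "pair": (a, b),
        # The pair collides under H by construction ...
        "single_collides": h(a) == h(b),
        # ... and therefore also under H(H(x)): equal inputs to the outer H.
        "double_collides": hh(a) == hh(b),
        "tries_single": tries_single,
        # Every H collision is an H(H) collision, so the double hash can
        # never take longer to collide over the same message sequence.
        "tries_double": tries_double,
        # True when the outer application added a collision H did not have.
        "double_only_collision": h(c) != h(d),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
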

Is this how you got in trouble with wiki Greg?

By altering realities..... forcing your vision of the world through people's throats?

Regarding Arthur, the guy needs no encouragement, he needs help. Incredibly unhealthy obsession with Craig, so don’t go telling him he is helping humanity lol....

Regarding double hash, it is being used by miners today Greg within BSV... and it works.

Interestingly again it is YOU that seems to think that it is a BAD idea, just like you think everything is a bad idea that isn’t lining up with your vision.

We know your modus operandi, we also know how far you are willing to go to protect your ideals....

It is why you are to this day fighting Craig....

> Regarding double hash, it is being used by miners today Greg within BSV... and it works.

What do you mean "used by miners"? Of course it's used by miners, it's part of the Bitcoin protocol.

> Interestingly again it is YOU that seems to think that it is a BAD idea, just like you think everything is a bad idea that isn’t lining up with your vision.

It doesn't have anything to do with "vision". If a miner spends energy constructing a block with transactions in it they've never seen then they can't be sure the transaction is valid and that it doesn't conflict with some other transaction they're attempting to include. And if the person who does know the transaction doesn't provide it immediately when the block is found, the block will end up stale and abandoned (and every millisecond of delay increases the odds of that). This is objectively pretty risky, but hey-- if you want to do something risky, that's on you.

But, regardless of it being a bad idea or not, it's in no way aided by using sha256(sha256()), you can do that foolish thing just as well if Bitcoin had happened to use sha256(): Just hand the miner the hash of the transaction. So Wright's "explanation" was just another purely fabricated bit of technobabble nonsense.

His lies actually work better when they make little sense because then he can deflect discussion to a debate over literal nonsense rather than face that what he's said is simply wrong, an outright fabricated falsehood.

> forcing your vision of the world through people's throats

I haven't forced anyone to do anything. Quite the opposite. By contrast, scammer Wright has sued me for _6 billion dollars_ so it is I that am forced to debunk his bullshit. Though it's increasingly looking likely to me that he's going to lose his case through simply failing to respond.

> so don’t go telling him he is helping humanity lol....

Maybe consider working on your reading skills. Arthur von Pelt is a kind person who has put in a fair amount of effort helping to protect his fellow man from a fraud. His care for others is an example of benevolence and compassion. In fact, he probably is helping humanity-- he's certainly been an aid to myself. But that isn't what I said.

There is stronger evidence that paper is nonsense than there is that it's a valid piece of academia. As per painted_frog's superb sleuthing, even the electron microscope image in there was just a rotated and cropped image from another electron microscope website in 1999. Here's the source image here:


Notice the artifacts of the rotation in the plagiarized copy.


"14/26 As Gutmann himself points out in an appended epilogue after OHDD was published, there are major problems with OHDD, one being that bc the authors don’t know the difference between Scanning Electron Microscopy (SEM) and Magnetic Force Microscopy (MFM), they confuse the two

"15/26 Note the copy/paste (no citation) from A Practical Guide to Scanning Probe Microscopy (1993). Given the authors’ unfamiliarity with these tools and methods, it doesn’t lend huge credibility to the paper’s conclusions that there is no documentation of the experiment itself.

"16/26 Indeed, the paper falsely claims a MFM-captured image as deriving from this project. In fact it’s a crop of an image originating from Veeco Instruments Inc, in an MFM image gallery on its site since 1999 at latest. The accompanying citation is an unrelated paper about MFM.

"18/26 The concluding section makes the unsupported (false) claim that this study demonstrates that a single-pass overwrite renders data irretrievable even with the use of MFM “or other known methods”. The study didn’t purport to test any other methods, only MFM.

"25/26 No corroborating artifact from the study was ever made available; there is only the critically flawed paper. Questions about method (ex. locating disk sectors) received dubious or dismissive answers.

From my understanding, you can recover data after a wipe if that data is on a sector that has been marked as defective by the firmware. A software wipe will skip it, but "SATA secure erase" should not.

Another thing worth noting is that hard drive manufacturers intentionally make recovery of overwritten data difficult. Not because of security, but because data that can be recovered is wasting space. For example, if you have a 100GB hard drive and you can recover 10GB after a wipe, it means that there is actually 110GB stored here, and the manufacturer will want to tweak things up to make use of that space.
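The concern raised in the comments above, that a software wipe skips sectors the firmware has marked defective, can be turned into a pre-disposal check. This is an added example, not part of the thread: it parses a constructed sample of `smartctl -A` output, and the policy labels it returns are illustrative assumptions.

```python
import re

# Constructed sample of `smartctl -A` attribute rows (not from a real drive).
SAMPLE_SMARTCTL = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       8
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       41230
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       8
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
"""

# One attribute row: id, name, flag, value, worst, thresh, type, updated,
# when_failed, then the raw value (only its leading digits are captured).
ROW = re.compile(
    r"^[ \t]*(\d+)[ \t]+(\S+)[ \t]+0x[0-9a-fA-F]{4}"
    r"(?:[ \t]+\d+){3}(?:[ \t]+\S+){3}[ \t]+(\d+)",
    re.MULTILINE,
)

# 5:   sectors already retired; their old contents sit outside the LBA
#      range, so a host overwrite never reaches them.
# 197: sectors the drive may retire on the next write, which would strand
#      whatever was stored there.
REMAP_IDS = (5, 197)


def parse_attributes(text):
    """Return {attribute_id: (name, raw_value)} for each attribute row."""
    return {int(m[1]): (m[2], int(m[3])) for m in ROW.finditer(text)}


def choose_sanitization(smart_text, is_flash=False):
    """Return (method, reason) for a drive about to leave your control.

    Method labels are hypothetical policy names for this example.
    """
    if is_flash:
        return "firmware-erase", "flash media: host overwrites do not map to fixed cells"
    attrs = parse_attributes(smart_text)
    if 5 not in attrs:
        # No data is not good news: treat an unreadable report as a remapped drive.
        return "firmware-erase-or-destroy", "no reallocation data available"
    at_risk = sum(attrs[i][1] for i in REMAP_IDS if i in attrs)
    if at_risk > 0:
        return ("firmware-erase-or-destroy",
                f"{at_risk} sectors retired or pending; a host overwrite skips them")
    # A zero count only means SMART reports no remaps, not that none exist.
    return "single-overwrite", "SMART reports no remapped sectors"


if __name__ == "__main__":
    print(choose_sanitization(SAMPLE_SMARTCTL))
```
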

Thermite is cheap, fun, and effective.

Fire cleanses all sins.

You probably don't want to believe anything in this: The author is a well known scammer/con-artist (Craig Wright) who has a long running advanced fee fraud scheme predicated on convincing suckers that he created bitcoin and has some secret stash of billions that he could get to only if his victims help him with some cash flow problems.

He has a long history of using forgeries, faked documents, plagiarism, and impersonation in order to pass himself off as some kind of credible.

This article is debunked in the "Further Epilogue" of https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Moreover, the images of their supposed MFM imaging were just copied off a manufacturer's page ( https://web.archive.org/web/20090418043851/https://www.engr.... shows another copy on a similarly old page, citing the source) -- so it seems unlikely that they ever performed any measurements at all. A big chunk was plagiarized from an uncited source ("A Practical Guide to Scanning Probe Microscopy (1993)")... another hallmark of Wright's lame forgeries.

There was a phenomenal twitter thread that went over all this and more, but Wright used spurious legal threats to drive the author off twitter. The biggest loss was where it pointed out that one of the citations in this paper is where they tried to cite Nikola Tesla in [20], but used the title of the 1989 album The Great Radio Controversy by the rock band Tesla ( https://en.wikipedia.org/wiki/The_Great_Radio_Controversy ). :P

These days Wright is busy prolonging a lawsuit against a dozen former and current Bitcoin developers-- including myself--, demanding that they help him compensate for his lack of private keys by publishing a backdoored version of Bitcoin in order to aid him in taking billions of dollars worth of other people's coins, or failing that pay him billions of dollars themselves.

I wouldn't be shocked now if Wright wasn't promoting this article because in one of his lawsuits he claimed hackers hid a "wifi pineapple" in his home and used it to penetrate his systems and then delete his private keys. ... and then before contacting law enforcement he completely wiped his systems, helpfully destroying evidence that the supposed hack never happened and that the keys never existed. So now he's invested in the claim that deletions are never recoverable, to cover for his transparent spoliation.

He's now funded by loans taken out against his non-existing bitcoin fortune, which likely explains why he's cowardly doing everything he can to delay progress in at least five different court cases. Presumably the consequences for him will be dire when his victims start realizing the funds he promised them never existed. Esp because one of the largest sponsors is a former drug smuggler who spent a decade on the run on the DHS most wanted list.

reading this is like a bad novel dude, you are trying so hard to discredit Craig it is now becoming a tad sad tbh…..

Craig has been inviting people in court (including BTC devs) and is awaiting the COPA case to prove he is Satoshi, it was Peter McKormack who bailed out even though being backed by Tether (you know that endless source of money he could use to fight Craig)

It was cobra who backed out of defending the bitcoin.org which defaulted to Craig

Instead of fighting Craig in court Tether pulled out of the case, yes Tether pulled out and no longer fights that Craig is not Satoshi after having seen the evidence.

Many others have been running as well, rather than actually fighting him in court. (Roger Ver, Adam Back, Greg Maxwell) Folks like @fluffypony and @mcafee all calling Craig a fraud, a common theme, all of them landed in jail for fraudulent behaviour.

Funnily enough Greg is one of the greatest social media engineers fighting a war against Craig but please notice how he is too much of a coward to fight him in court……

Instead he and his crypto space buddies, fight a nasty social media war by spreading misinfo on Craig (using sockpuppet accounts) to make it look like the most functional scalable and technically advanced chain(original Bitcoin with set in stone rules) is a fraud……

> please notice how he is too much of a coward to fight him in court

I filed my response to the conman's laughable $6 billion dollar lawsuit against me on June 16th, which is now almost 11 weeks ago. By comparison, I was granted only 4 weeks to both find legal representation and respond. Wright appears to be doing almost everything in his power to delay progress in court cases. E.g. he's started claiming that covid hardships are delaying him from going to trial, ironically on a day where he gave a presentation in front of a room full of prospective investors in his scam.

In your response you don't appear to have read my message at all. You don't deny Wright's disk writing claims are debunked, that the only 'evidence' he provides of performing the experiment turns out to be an image stolen from a mfgr website, that text was plagiarized, or that he can't even bother to distinguish a scientist from a rock band.

Wright has lost in court multiple times against Roger Ver. Against Adam Back Wright not only failed but had to pay all of Dr. Back's legal fees. And against myself Wright appears to be doing all he can to delay responding.

> Peter McKormack who bailed out

Journalist Peter McCormack is being sued by Wright for defamation in the UK for simply repeating what everyone else had been saying for years before: That Wright's supposed evidence of being Satoshi is all obviously fake. Wright has bankrupted him with millions of UKP in legal expenses in what is apparently the most expensive defamation case in UK history ( https://twitter.com/petermccormack/status/140557825024028672... ) yet he has by no means "bailed out".

The fact that Wright is suing journalists for criticizing his obviously false claims is why it's important that people like me step up to point out the scam-- because his naked threats and intimidation prevent others from doing so.

> using sockpuppet accounts

You have a brand new pseudonymous account to post your attack. By contrast, I am publishing here under my only account, one which I've used here since 2010, which is well known and happily disclosed to be me. Sounds to me that you're applying a criticism to your targets that would be better applied to yourself.

I don't have to do anything to make it look like Wright is a fraud because it is transparently obvious that he is one, which is why multiple courts have found that his testimony was false and perjurious and that his documents were forgeries.

Stating he is delaying the courts, to make a point, is a little weak imo, courts get delayed all the time, Craig was actually trying to expedite the case not that long ago.

Rather odd for someone to pull everyone in court and fight his legacy and then postpone the cases right, he must be off of his hat to even invite you into court if he has zero chance of winning it....

After all if he can’t prove he is Satoshi the courtcase would be an act of hari kiri....

So basically your argument is, he is delaying the courts so therefore he is a fraud?

I am counterattacking your claims and I am using my oudekaas pseudonym for it, and yes I opened a new account here, nothing to do with sockpuppets or starting conversations with myself to press a certain narrative right?

Peter McKormack no longer fights the fact that Craig is not Satoshi which was originally one of his defenses, in fact despite Tether’s infinite resources, Peter McKormack is now only defending the defamation, so you are lying and misinforming people here....

It’s pretty damn obvious why McKormack dropped that defense.... they know they can’t win it.

You don’t have to do anything right? except you do EVERYTHING

> After all if he can’t prove he is Satoshi the courtcase would be an act of hari kiri....

Actually, in his lawsuit against me Wright's attorneys write: "Whether or not Dr Wright is, in fact, Satoshi Nakamoto, is not an issue that is likely to fall for determination in the Claim."

But even ignoring that, Wright is engaging the courts because he's backed into a corner. He convinced a former drug smuggler and indicted money launderer to loan him enormous sums of money in trade for fictitious Bitcoins which he's now unable to pay up. Every lie Wright has told so far ties his hands and forces his moves, he's using the lawsuits as an excuse to not hand over the coins he's promised his victims, coins he can't hand over because they were never his and/or never existed.

Whatever negative consequences he suffers from filing wave after wave of spurious lawsuit doesn't hold a candle to what will likely happen to him when the scheme finally collapses. His only hope is to drag it out for as long as he can.

nice story mate, I guess Craig investing millions into TAAL, putting in countless hours of work into explaining Bitcoin script in his Bitcoin theory series is all part of the con right? All keeping up appearances, before the grand finalé. May I remind you, Craig wanted this to end in court… as mentioned b4 Craig would have to be absolutely batshit insane to do this….. Possible, but extremely unlikely.

funfact, it is you that is displaying questionable obsessive behaviour towards Craig, there is no way an intelligent guy like you would spend so much effort into discrediting someone that supposedly is a non event at the same time. Besides that, the Bitcoin you support clearly is an experiment gone wrong, it may be around for a bit, but competing with shackles on. It is here where it becomes so obvious that BSV = Bitcoin even if you don’t believe Craig which is not required to understand that BSV is clearly Bitcoin as it was designed with set in stone rules. Game theory wise, it is hilarious to see that BTCers crave decentralization yet, don’t grasp the easy concept of playing by a fixed rulebook. One of the main reasons to have flexible rules is for certain players to gain an advantage by changing the rules in their favour. Alas Blockstream has done exactly that, forcing Segwit down people's throats in order to create a separate network that relies on Blockstream…

Well done Greg and friends, I applaud your success, but now I like to see the truth come out.

The fact that cryptofights is popular and working on BSV not on ETH, now doing 2 million tx a day, isn’t at all an indication of how far ahead BSV is versus the rest of the so-called “crypto” casino space, right?

BTC sits on 7 tx per sec with a broken lightning network…… BSV reached 100K transactions a sec with terra node.

BTC relies solely on price and high fees from centrally planned blocksize to survive the block reward halving, BSV already has natural demand from apps that already highlight, small blocks are a dead end given enough time

Even if Craig is not Satoshi, (he is) what will you do if BSV keeps growing and growing, will you admit you were wrong?

> explaining Bitcoin script in his Bitcoin theory series

i watched a lot of this, gotta say it's pretty good cringe-entertainment, mostly comprised of self-aggrandizing statements and explorations of trivial comp-sci topics.

these videos used to be even more entertaining when ryan x charles was asking for details and specifics in response to craig's vague hand-waving, but recent videos no longer have ryan. wonder why.

> before the grand finalé

grand finale will be craig pleading for insanity/illness that makes him pathological liar. he already started laying ground by claiming to be autistic.

> BSV reached 100K transactions a sec with terra node

i can reach million tps on my laptop, everybody knows this number in isolation is meaningless.

Oh Hi Greg,

I am sure you did, in the meantime, we have projects being built on BSV that actually innovate and don’t have to rely on 7 tx per sec or centralized solutions like LN strike....

Move along now please

Where’s the center of LN?

Craig aka Crack Right is a serial liar- If you want to kill that movement it is simple- provide real evidence.

Subpoena the list from google - en.bitcoin.it/wiki/x A known Satoshi Nakamoto Post from 2002 the posters signed in again in 2018 in front of the supporters. His minions are ill informed & offer a wild story filled with misfacts. Others point out factual data that they continue to deny.

https://twitter.com/TeamSatoshi/status/1432429656217726977/p... for the actual posting 20 years later.

The tactic is to show a promising new feature they coerced to be on the new platform and ignore the facts included as data.

Per NIST Special Publication 800-88 Rev. 1 (p. 7):

> For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.

* https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/fi...

If you're really paranoid use degaussing or physical destruction. If you can, use the SATA/SCSI "secure erase" command. Which definitely needs to be done for non-magnetic media (e.g., SSDs).

I'm sure there are some places where regulations dictate certain actions.

Didn't there used to be a prize offered for anyone who could reconstruct a disk that had been zeroed?

I don't think anyone ever won it.

Yes, it seems that it is theoretically possible to recover a drive that has been zeroed, but it seems that, practically, no one will bother.

Of course, SSDs are a complete other kettle of fish.

This "security expert" wiped a claimed billion dollar hard drive, after he claims a "hacker" deleted his files (that he never backed up).

CRAIG SH*T WRIGHT - faketoshi.cypherpunks.xyz

Anything wrong with GNU shred on the block device?

Nothing wrong with it, and it absolutely will stop any kind of casual or software recovery.

However, physically destroying the disk is the only way to be sure. And amusingly, it's often faster to physically destroy the disk than it is to run shred on it at today's capacity to write speed ratios.

Bonus, not only does physical destruction cover non-working sectors it works on entirely non-functioning disks.

In short, no. Often a plain old zero pass is good enough, but shred defaults to doing three random passes and that'll be sure to destroy any hopes of recovery.

Craig Wright is a liar and a fraud.

Are you willing to take that chance when discarding EOL disks?

Depends on the discarding method.

I format them, and gift to some people around here who could make a good use of them (friends, neighbors). Usually, I replace disks because I need more storage, the old ones have quite a few years of life still left. These people know me, getting good hardware for free, and I'm reasonably confident they won't sell them to digital forensic experts on e-bay.

I sledgehammer them.

So many paid shills (probably just a couple of #greg accounts) are trying to attack the creator of Bitcoin.

Must be rough, putting your faith in a scammer pretending to be Satoshi, then seeing your investment disappear like snow before the sun.

BSV was a top 10 coin a few months ago. Right now? Ranked 50. Must be rough.
