[NBLUG/talk] Best way to dispose of a working computer

Lincoln Peters sampln at sbcglobal.net
Mon Aug 14 13:55:02 PDT 2006


On Sunday 13 August 2006 18:57, S. Saunders wrote:
> For 99% of legitimate use (i.e. "ordinary" personal/financial data), it
> will be.
>
> For someone willing to spend hundreds (up to thousands) of dollars, a few
> disk-recovery specialty houses (and, obviously, quite a few gov't
> agencies) with clean-room operations can recover a complete disk-image
> from the process above.

I would put the whole security policy through a cost-benefit analysis (more 
precisely, the cost-benefit analysis that your enemies might go through):

* Are you guarding against identity theft?  Because if so, it's unlikely that 
your average identity thief would go to such lengths, since the cost of these 
operations is likely to exceed whatever might be gained from the theft.

* Are you worried about small- or medium-scale invasions of privacy (i.e. 
something other than government or big business)?  If so, you're still 
dealing with someone who likely wouldn't have (or be willing to commit) the 
necessary resources to defeat the aforementioned measures.

* Are you worried about a totalitarian police state, or an organization of 
comparable power?  Then grind your hard drives to dust or dissolve them in 
acid before you ever let them out of your house (you could even let them sit 
in a vault for a few years to completely demagnetize after destroying them), 
and just in case someone tries to steal a working hard drive, use strong disk 
encryption (e.g. AES), use a different password for everything you do, make 
all your passwords at least 10 characters with a combination of letters and 
numbers (maybe even Unicode characters), rig your computer with explosives, 
etc.  Even if it's you against the world, it IS possible to prevail (although 
TV and movies make it look a lot easier than it is).


Come to think of it, unless someone discovers a major flaw in AES, if you use 
a strong disk-encryption solution, you might be able to safely get rid of the 
hard disk WITHOUT having to erase it.  Even if Moore's Law holds (which it 
hasn't for the last few years), I don't think anybody is going to be able to 
decrypt that hard drive within your lifetime.  Of course, I still wouldn't be 
willing to trust that particular level of protection by itself if my life 
depended on it (which it might in Scenario #3).


DISCLAIMER: I am not a computer security expert.


-- 
Lincoln Peters		<sampln at sbcglobal.net>

There is a time in the tides of men,
Which, taken at its flood, leads on to success.
On the other hand, don't count on it.
		-- T. K. Lawson


