Re: [tlug] Dealing with a possibly busted external HD

[Kalin KOZHUHAROV <me.kalin@example.com>]

I leave out standards discussions, it is a very subjective pov anyway.


On Wed, Mar 22, 2017 at 1:39 AM, Curt Sampson <cjs@example.com> wrote:
>> A bent/warped/broken platter cannot be recovered, since it has to
>> spin a few thousand RPM to be read.
>
> No, it clearly does not. As just a simple thought example, holding the
> platter still and moving a head across it would likely be
> indistinguishable for most purposes. But I'm not convinced that even
> now a minimum speed between a sensor and the media is necessary to
> read a bit, and I am less convinced that that would always be the case
> in the future.
>
In theory - may be. In practice, theory doesn't work :-)

Do you know what is the standard distance from surface to head? 2-20
nm (for reference human hair is 30 - 100 um, or 30,000 - 100,000 nm)
And what are the tolerances that are allowed in order to center the
head on top of a sector? about 1/10 of that.
And then there is another problem, at those distances heads will stick
to the platter, if it wasn't for the air cushion formed when the
platter spins at 5-10K RPM and the head's special aerodynamic shape.
Positioning, or rather keeping the position, even on a flat surface is
already pretty hard problem and it will read you a bit. A random one
and it will be 0 or 1, if you get it right. If you are lucky it will
be from actual data (rather than service/servo data). If you are
really lucky you may be able to read a byte, you just need to find the
right direction in 3-D space and repeat your positioning 8-10 times,
not skipping any bits, not getting stuck (or unstick your head
regularly), not reading neighboring sectors.

But what are your chances to find a 8-30 byte password (assuming it is
there), actually identifying it is a password say on a 1TB drive, with
3 double sided platters (6 heads) that has been beaten with a
hammer/screwdriver? Are you that lucky?


>> If they are really lucky (and you not) they may recover a password
>> of some kind, a secret in other words. But hey, they'll need time
>> and you DO change tour passwords regularly, right?
>
> How many hundreds of passwords do you change every year?
>
I don't have hundreds of passwords to change, may be I have about 5
that can cause more than 50USD damage, the rest are less important.
For those I use long random passwords that are PITA to enter, no way
to remember and are written down on paper (not printed), physically
secure.
The rest use a PW manager and are changed often.

> Regardless, this is a very typical example of defining "security" in
> terms of one problem. It could be that you couldn't care less if
> passwords or other authentication tokens are on that drive and you
> might still be interested in spending $200 to have the drive properly
> destroyed. (There are companies that will do 25 drives for $200[1],
> which works out to $8 a drive; as I said, we're not talking about huge
> costs here.)
>
This thread is about a private person, having one drive to be destroyed.

If you ship me 25 drives in semi-working order, I may even pay you and
issue you destruction certificate.
I'll remove the platters and destroy them, then sell for scrap
aluminum (most of them).
The rest can be used for donor parts, or for magnets, or still scrap metal.

> The important point is to figure out how much money you're really
> saving and what you're losing by that.
>
Yep, I agree.
How much you risk and how much you pay to lessen the risk (or not).
Insurance companies are one of the greatest...

Kalin.