Mycotopia Web Forums

04-22-05, 08:37   #1
Hippie3
anyone here actually use pgp ?
i wanna learn...

04-22-05, 12:14   #2
Raptor
I assume you mean PHP.

Still have yet to learn much myself on my road of web design.

04-22-05, 12:15   #3
nerve
As in Pretty Good Privacy?

04-22-05, 12:22   #4
dukex
PGP = Pretty Good Privacy

Here is a link to everything you would want to know about it.
http://cryptography.org/getpgp.htm

Peace...
__________________
"It's time to kick ass and chew bubble gum and I'm all out of gum."

04-22-05, 12:24   #5
dukex

*** Frequently Asked Questions about PGP ***
by
Andre Bacard, Author of
THE COMPUTER PRIVACY HANDBOOK
[Version February 25, 1995]

============================================================
This article offers a nontechnical overview of PGP to
help you decide whether or not to use this globally
popular computer software to safeguard your computer
files and e-mail. I have written this especially for
persons with a sense of humor. You may distribute this
(unaltered) FAQ for non-commercial purposes.
===========================================================

What is PGP?

PGP (also called "Pretty Good Privacy") is a computer
program that encrypts (scrambles) and decrypts
(unscrambles) data. For example, PGP can encrypt "Andre"
so that it reads "457mRT&%$354." Your computer can
decrypt this garble back into "Andre" if you have PGP.

Who created PGP?

Philip Zimmermann <prz@acm.org> wrote the initial
program. Phil, a hero to many pro-privacy activists,
works as a computer security consultant in Boulder,
Colorado. Phil Zimmermann, Peter Gutmann, Hal Finney,
Branko Lankester and other programmers around the globe
have created subsequent PGP versions and shells.

PGP uses the RSA public-key encryption system. RSA was
announced in 1977 by its inventors: Ronald Rivest of MIT,
Adi Shamir of the Weizmann Institute in Israel, and
Leonard Adleman of USC. It is called "RSA" after the
initials of these men. PGP also employs an encryption
system called IDEA which surfaced in 1990 due to Xuejia
Lai and James Massey's inventiveness.

Who uses PGP encryption [or other RSA-based systems]?

People who value privacy use PGP. Politicians running
election campaigns, taxpayers storing IRS records,
therapists protecting clients' files, entrepreneurs
guarding trade secrets, journalists protecting their
sources, and people seeking romance are a few of the law
abiding citizens who use PGP to keep their computer files
and their e-mail confidential.

Businesses also use PGP. Suppose you're a corporate
manager and you need to e-mail an employee about his job
performance. You may be required by law to keep this e-
mail confidential. Suppose you're a saleswoman, and you
must communicate over public computer networks with a
branch office about your customer list. You may be
compelled by your company and the law to keep this list
confidential. These are a few reasons why businesses use
encryption to protect their customers, their employees,
and themselves.

PGP also helps secure financial transactions. For
example, the Electronic Frontier Foundation uses PGP to
encrypt members' charge account numbers, so that members
can pay dues via e-mail.

Thomas G. Donlan, an editor at BARRON'S [a financial
publication related to THE WALL STREET JOURNAL], wrote a
full-page editorial in the April 25, 1994 BARRON'S
entitled "Privacy and Security: Computer Technology Opens
Secrets, And Closes Them."

Mr. Donlan wrote, in part:

RSA Data Security, the company founded by the
three inventors, has hundreds of satisfied
customers, including Microsoft, Apple, Novell,
Sun, AT&T and Lotus. Versions of RSA are
available for almost any personal computer or
workstation, many of them built into the
operating systems. Lotus Notes, the network
communications system, automatically encrypts
all its messages using RSA. Other companies
have similar products designed around the same
basic concept, and some versions are available
for free on computer bulletin boards.

Donlan continues:

Without security, the Internet is little more
than the world's biggest bulletin board. With
security, it could become the information
supermarket of the world. RSA lets people and
banks feel secure putting their credit-card
numbers on the public network. Although it
still seems that computers created an age of
snoopery, the age of privacy is at hand.

Aren't computers and e-mail already safe?

Your computer files (unless encrypted) can be read by
anyone with access to your machine. E-mail is notoriously
unsafe. Typical e-mail travels through many computers.
The persons who run these computers can read, copy, and
store your mail. Many competitors and voyeurs are highly
motivated to intercept e-mail. Sending your business,
legal, and personal mail through computers is even less
confidential than sending the same material on a
postcard. PGP is one secure "envelope" that keeps
busybodies, competitors, and criminals from victimizing
you.

04-22-05, 12:25   #6
dukex

I have nothing to hide. Why do I need privacy?

Show me a human being who has no secrets from her family,
her neighbors, or her colleagues, and I'll show you
someone who is either an extraordinary exhibitionist or
an incredible dullard.

Show me a business that has no trade secrets or
confidential records, and I'll show you a business that
is not very successful.

On a lighter note, a college student wrote me the following:

"I had a part-time job at a dry cleaner. One day I
returned a diamond ring that I'd found in a man's coat
pocket to his wife. Unfortunately, it was NOT her ring!
It belonged to her husband's girlfriend. His wife was
furious and divorced her husband over this incident. My
boss told me: 'Return jewelry ONLY to the person whose
clothes you found it in, and NEVER return underwear that
you find in pockets!' Until that moment, I thought my
boss was a finicky woman. But she taught me the need for
PGP."

Privacy, discretion, confidentiality, and prudence are
hallmarks of civilization.

I've heard police say that encryption should be outlawed because
criminals use it to avoid detection. Is this true?

The next time you hear someone say this, ask him if he
wants to outlaw the likes of Thomas Jefferson, the
"Father of American Cryptography."

Many governments, corporations, and law enforcement
agencies use encryption to hide their operations. Yes, a
few criminals also use encryption. Criminals are more
likely to use cars, gloves, and ski-masks to evade
capture.

PGP is "encryption for the masses." It gives average law
abiding citizens a few of the privacy rights which
governments and corporations insist that they need for
themselves.

How does PGP work?

PGP is a type of "public key cryptography." When you
start using PGP, the program generates two "keys" that
belong uniquely to you. Think of these keys as computer
counterparts of the keys in your pocket. One PGP key is
SECRET and stays in your computer. The other key is
PUBLIC. You give this second key to your correspondents.
Here is a sample PUBLIC KEY:


- - - -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7

mQA9Ai2wD2YAAAEBgJ18cV7rMAFv7P3eBd/cZayI8EEO6XGYkhEO9SLJOw+DFyHg
Px5o+IiR2A6Fh+HguQAFEbQZZGVtbyA8ZGVtb0B3ZWxsLnNmLm NhLnVzPokARQIF
EC2wD4yR2A6Fh+HguQEB3xcBfRTi3D/2qdU3TosScYMAHfgfUwCelbb6wikSxoF5
ees9DL9QMzPZXCioh42dEUXP0g==
=sw5W
- - - -----END PGP PUBLIC KEY BLOCK-----

Suppose the PUBLIC KEY listed above belongs to you and
that you e-mail it to me. I can store your PUBLIC KEY in
my PGP program and use your PUBLIC KEY to encrypt a
message that only you can read. One beauty of PGP is that
you can advertise your PUBLIC KEY the same way that you
can give out your telephone number. If I have your
telephone number, I can call your telephone; however, I
cannot answer your telephone. Similarly, if I have your
PUBLIC KEY, I can send you mail; however, I cannot read
your mail.

This PUBLIC KEY concept might sound a bit mysterious at
first. However, it becomes very clear when you play with
PGP for awhile.

How safe is PGP? Will it really protect my privacy?

Perhaps your government or your mother-in-law can "break"
PGP messages by using supercomputers and/or pure
brilliance. I have no way of knowing. Three facts are
certain. First, top-rate civilian cryptographers and
computer experts have tried unsuccessfully to break PGP.
Second, whoever proves that he or she can unravel PGP
will earn quick fame in crypto circles. He or she will be
applauded at banquets and attract grant money. Third,
PGP's programmers will broadcast this news at once.

Almost daily, someone posts a notice such as "PGP Broken
by Omaha Teenager." Take these claims with a grain of
salt. The crypto world attracts its share of paranoids,
provocateurs, and UFO aliens.

To date, nobody has publicly demonstrated the skill to
outsmart or outmuscle PGP.

Is PGP available for my machine?

Versions are available for DOS and Windows, as well as
various Unixes, Macintosh, Amiga, Atari ST, OS/2, and
CompuServe's WinCIM & CSNav. Many persons are working to
expand PGP's usability. Read the Usenet alt.security.pgp
news group for the latest developments.

Are these versions of PGP mutually compatible?

Yes. For example, a document encrypted with PGP on a PC
can be decrypted with someone using PGP on a Unix
machine.

As of September 1, 1994, Versions 2.6 and higher can read
previous versions. However, pre-2.6 versions can no
longer read the newer versions. I strongly recommend that
everyone upgrade to Versions 2.6.2 or 2.7.

Where do I get PGP?

For computer non-experts, the easiest way to get PGP is to
telephone ViaCrypt (a software company) in Phoenix, Arizona at
(602) 944-0773.

PGP is available from countless BBSs (Bulletin Board
Systems) and ftp ("File Transfer Protocol") sites around
the world. These sites, like video stores, come and go.

To find PGP, here are two options: 1) Learn how to use
ARCHIE to search for files on the Internet. 2) Read
BOARDWATCH magazine to find the BBSs in your area.

How expensive is PGP?

The PGP versions that you will find at BBSs and ftp sites
are "freeware." This means that they are free. People
from New Zealand to Mexico use these versions every day.
Depending on where you live, this "freeware" may or may
not violate local laws.

I use PGP Version 2.7 which is distributed by ViaCrypt in
the United States [see below].

Is PGP legal in the United States?

Yes. MIT's PGP Version is licensed for non-commercial use. You
can get it from ftp sites or BBSs. ViaCrypt's PGP Version is
licensed for commercial use. You can get it from ViaCrypt.

+++ Important Note +++. It is illegal to export PGP out of the
United States. Do not even think of doing so! To communicate
with friends in, say, England, have your friends get PGP from
sources outside the United States.

What is a PGP digital signature?

At the end of this document, you will see a PGP
signature. This "digital signature" allows persons who
have PGP and my PUBLIC KEY to verify that 1) I, Andre
Bacard, (not a SPORTS ILLUSTRATED superstar pretending to
be me!) wrote this document, and 2) Nobody has altered
this text since I signed it.

PGP signatures might be helpful for signing contracts,
transferring money, and verifying a person's identity.

How difficult is it to learn PGP?

PGP has around two dozen commands. It is a relatively
easy program to learn.

Where can I learn more about the PGP and related subjects?

The following News Groups are a good place to start:

alt.privacy
[to hear about electronic privacy issues]
alt.security.pgp
[to learn everything known about PGP]
talk.politics.crypto
[to keep abreast of legal & political changes]

Anything else I should know?

YOUR privacy and safety are in danger! The black market
price for your IRS records is $500. YOUR medical records
are even cheaper. Prolific bank, credit and medical
databases, the Clipper Chip Initiative, computer matching
programs, cordless & cellular phone scanners, Digital
Telephony legislation, and (hidden) video surveillance
are just a few factors that threaten every law abiding
citizen. Our anti-privacy society gives criminals and
snoops computer data about YOU on a silver platter.

If you want to protect your privacy, I urge you to join
organizations such as the Electronic Frontier Foundation
<membership@eff.org>.

Peace...

04-22-05, 12:25   #7
nerve
Nice link thanks Duke.
I've had pgp for years but never used it for email correspondence,
tend to use encrypted IM instead when I need to talk to a friend online
about paranoid shit.

04-22-05, 12:28   #8
dukex
"tend to use encrypted IM"

I am sure there would be interest for a thread about that, I know I would.
What IM are you using ?

Peace...

04-22-05, 12:41   #9
ridder
trillian supports 128 bit encrypted IMming between other trillian users on both AIM and ICQ networks, using the directIM feature of that particular protocol

04-22-05, 12:42   #10
ridder
and you can set it up as default always on too.. so whenever i talk to another trillian user (and most all of my IM friends use trillian), the client automatically creates a 128 bit secure tunnel as soon as i start typing

04-22-05, 12:43   #11
nerve
I use GAIM, which supports multiple IM protocols.
You need to download the GAIM encryption plugin,
and the person you talk to must also be using GAIM with the encryption plug-in.
But, set up like that, you can converse in 4096bit encryption.

Here's some websites to get started:

Here is the Wikipedia entry on GAIM: http://en.wikipedia.org/wiki/Gaim

The official gaim homepage: http://gaim.sourceforge.net/

The encryption plug-in for gaim: http://gaim-encryption.sourceforge.net/

Edit: Like ridder mentioned above, Trillian is another popular client for encrypted IMing; I, however, am not too familiar with Trillian.

04-22-05, 12:50   #12
Hippie3
pgp is so good
the govt. wants it banned.
even the NSA can't crack it.
but i need someone to walk me
thru the process.

04-22-05, 12:58   #13
dudicus
As far as IM security, check out Off-The-Record. You can run a daemon and connect any AIM client to it, allowing you to have encrypted conversations regardless of the client you like. There is also a gaim plugin for Off-The-Record for Linux and Windows.

Off the record: http://www.cypherpunks.ca/otr/


It still needs work but it is actively being developed and the more interest the more it gets worked on!

For PGP/GPG

Also, PGP = commercial; GPG = open source and freely available

http://wolfram.org/writing/howto/gpg.html <--info for Windows and a link for mac at the bottom.

Then for email clients, Thunderbird has an Enigmail plugin that I use that works with GPG/PGP

Hope that helps

04-22-05, 15:01   #14
dukex

"pgp is so good
the govt. wants it banned.
even the NSA can't crack it.
but i need someone to walk me
thru the process. "

I remember about 10 years ago when the creator was arrested on munition charges. They held him for quite a while claiming this was a threat because they couldn't crack his security. If I remember correctly he did eventually plea a deal but my memory is not so good.

That walk-through will be specific to the operating system and programs you use to read/send mail.

Peace...

04-22-05, 15:01   #15
pissybee (Guest)
So if the law comes and takes your computer with your secret encryption key, they could probably read all your mail anyway, correct? This is just for internet privacy from other computers, correct? So anyone know if trillian is better than GAIM, i have trillian pro 3 now, and it's cool, but GAIM sounds even more secure? Maybe I'll just get both...
 

04-22-05, 15:06   #16
Raptor
yea that's right, don't know why i just assumed you wanted a programming language, ha.

Is this anything like Kremlin? assuming anyone's even heard of it.

Is "pretty good" good enough.

04-22-05, 15:16   #17
dukex

PB, I believe yes, yes, and not sure if it's any better; it came from the Linux world so I am more confident

"Is "pretty good" good enough."

Just a marketing name. It was so good the feds arrested him because they couldn't crack it.

Nerve are you a linux user ?

Peace...

04-22-05, 15:23   #18
the_other_chap
Quote:
Originally Posted by pissybee
So if the law comes and takes your computer with your secret encryption key, they could probably read all your mail anyway, correct?
They'd still need your passphrase. As long as the only place that that exists is in your head (don't write it down anywhere even once) you're still OK.
(and beware of key-logging software)
__________________
Things get too straight, I can't bear it.
I feel stuck, stuck on a pin.

04-22-05, 19:55   #19
imok
hive mat to security imo
__________________
Hope this helps :)

04-22-05, 20:15   #20
pacingthecage
PGP

Ok, here's an attempt at a walk-through for PGP setup and use (it's a little complicated, but I will simplify as much as possible):

To use PGP, you must have PGP encryption software installed on your PC. You can pay for it or get it free. The free versions are straight-up PGP without all the whistles and bells. I think the top 3 free PGP software downloads now are PGP Corp, PGPi, and GPG (Gnu Privacy Guard).

Here are some links for PGP freeware-

WHERE TO GET PGP and GPG
http://cryptography.org/getpgp.htm

Personally, I went with PGP Corp's 8.1 freeware version, available for Windows or Macs (http://www.pgp.com/downloads/freeware/freeware.html). They used to only offer a commercial version, but now they have it available as freeware, also:

"While PGP 8.1 Freeware can be easily downloaded and installed, it often causes confusion and frustration on the part of potential new PGP users for several reasons:

*the PGP 8.1 Freeware & PGP 8.1 Personal download packages
are the same (previously, there were separate download files
for PGP Personal and PGP Freeware);

*the PGP 8.1 Freeware/Personal setup routine allows users to install
PGPdisk and email plug-ins, even if they don't have a PGP 8.1 Personal
license (which is required to use those components);

*the PGP 8.1 Freeware/Personal setup routine presents a PGP License
Authorization box at the end of installation, leading users to believe
that they must pay for a license or go through an Online License Authorization
process in order to use PGP Freeware;

*PGP 8.1 Freeware does not include email plug-ins for popular email
clients such as Outlook, Outlook Express, and Eudora, leading some
users to believe that they can no longer use PGP to encrypt and sign
email, and that PGP 8.1 Freeware is thus "broken" and "useless."

The Reality of PGP 8.1 Freeware...

In fact, PGP 8.1 Freeware is truly "free for personal use" * (just as previous PGP Freeware versions were) and does not require users to pay or go through the Online License Authorization process in order to use the software. Moreover, although PGP 8.1 Freeware does not include email plug-ins, it can still be used to encrypt and sign email, and the process for doing so is trivially easy."

*perfect instructions for download and setup - https://netfiles.uiuc.edu/ehowes/www...8fw/pgp8fw.htm

Really, the trick is just to make sure to un-check/de-select all the boxes (bells and whistles) in the PGP Setup window that says Select Components and when it asks you to register - just click 'Later'. Then you have the FREE version. The link above has an illustration. You want to skip anything (even the instructions) that has to do with 'licensing registration'. Pretty simple, don't complicate it and you'll be alright.

If you go with another PGP software, you're on your own - can't help ya there.

Either way, however, you will need to:

1.) Create a private and public keypair. Before you can begin using PGP, you need to generate a keypair. If you go with PGP 8.1, you have the option of creating a new keypair during the PGP installation procedure, or you can do so at any time by opening the PGPkeys application. You need a keypair to:

-encrypt information

-decrypt information that has been encrypted to your key

-sign information

2.) Exchange public keys with others. After you have created a keypair, you can begin corresponding with other PGP users. You will need a copy of their public key and they will need yours. Your public key is just a block of text, so it’s quite easy to trade keys with someone. You can include your public key in an email message, copy it to a file, or post it on a public or corporate key server where anyone can get a copy when he or she needs it.

3.) Validate users' public keys. Once you have a copy of someone’s public key, you can add it to your public keyring. You should then check to make sure that the key has not been tampered with and that it really belongs to the purported owner. You do this by comparing the unique fingerprint on your copy of someone’s public key to the fingerprint on that person’s original key. When you are sure that you have a valid public key, you sign it to indicate that you feel the key is safe to use. In addition, you can grant the owner of the key a level of trust indicating how much confidence you have in that person to vouch for the authenticity of someone else’s public key.


You can also start securing your data with PGP. Depending on the PGP components you installed, you can start securing your email and files and/or stored data. See the individual help systems or user's guides for detailed instructions.

on edit:
I almost forgot to mention a very nice aspect of PGP Corp 8.1. There is a nifty little 'Wiping Wizard' feature that wipes your files and/or free space on drives, when desired.

"PGP Corp uses heavily researched techniques and patterns designed specifically for overwriting data on magnetic and optical media"

You can make as many passes as you'd like, but they say just 3 times will do a nice job!
__________________
"Maybe there is no God, but there ought to be one. Somebody should take the blame for all this crap." - Another Roadside Attraction
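
Step 3 of the walk-through above (validating a public key by its fingerprint), as an added example that is not part of the original post and is not PGP Corp's code. It computes a version 4 OpenPGP fingerprint as defined in RFC 4880 and compares it with the value the owner reads out; the key material, timestamp and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

RSA_ALGO_ID = 1  # OpenPGP public-key algorithm ID for RSA


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 RSA public-key packet body: version, creation time, algorithm, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([RSA_ALGO_ID]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def display(fingerprint: str) -> str:
    """Group the 40 hex digits in blocks of four, the way they are usually read aloud."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def normalise(text: str) -> str:
    """Drop spaces and colons, upper-case, and insist on a full 160-bit value."""
    cleaned = "".join(ch for ch in text if ch not in " :\t\n").upper()
    if len(cleaned) != 40 or any(ch not in "0123456789ABCDEF" for ch in cleaned):
        raise ValueError("not a full 160-bit fingerprint")
    return cleaned


def fingerprints_match(local: str, claimed: str) -> bool:
    """True only if the fingerprint of our copy equals the one the owner gave us."""
    return hmac.compare_digest(normalise(local), normalise(claimed))


# Constructed toy key material (far too small to be secure, illustration only).
CREATED = 1114200000                          # constructed creation time, April 2005
E = 65537
OWNER_N = (2**127 - 1) * (2**89 - 1)          # modulus of the owner's real key
SUBSTITUTED_N = (2**127 - 1) * (2**107 - 1)   # a different key offered under the same name


def demo() -> dict:
    # What the owner reads to us over the phone or prints on a business card.
    owner_fpr = display(v4_fingerprint(v4_rsa_public_key_body(CREATED, OWNER_N, E)))
    # Fingerprints of two copies we might have received by email or key server.
    genuine_copy = v4_fingerprint(v4_rsa_public_key_body(CREATED, OWNER_N, E))
    swapped_copy = v4_fingerprint(v4_rsa_public_key_body(CREATED, SUBSTITUTED_N, E))
    return {
        "genuine": fingerprints_match(genuine_copy, owner_fpr),
        "substituted": fingerprints_match(swapped_copy, owner_fpr),
    }


if __name__ == "__main__":
    print(demo())
```

The name and e-mail address attached to a key are not part of the hashed data, which is why the comparison has to be on the fingerprint and not on the label shown in the keyring.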

04-22-05, 20:31   #21
pacingthecage
Quote:
Originally Posted by pissybee
So if the law comes and takes your computer with your secret encryption key, they could probably read all your mail anyway, correct? This is just for internet privacy from other computers, correct?
Incorrect.

First, PGP is encryption for email or files. Has nothing to do with surfing.

Second, you have to have a keypair - private and public. Your public you can advertise all over the internet if you want. There are even worldwide registries for anyone who wants to publish their public key. It's like your PGP address.

Your private key on the other hand belongs to just you. It's your password. Keep it in your head. When you decrypt incoming mail, you use it to read the mail, delete and 'wipe' whatever file and/or drive it's on. PGP Corp's 8.1 software comes with a built-in file 'wiper' and a 'Wipe Free Space' wizard.

04-22-05, 21:03   #22
pacingthecage
Quote:
Originally Posted by dukex
.
If you want to protect your privacy, I urge you to join
organizations such as the Electronic Frontier Foundation
<membership@eff.org>.

Just a note:

This is the same Electronic Frontier Foundation that is behind Tor (discussed in the Free Anon Surfing thread here).

04-23-05, 06:47   #23
dukex
Very nice... thanks for the details

I personally believe that the feds have a backdoor into PGP and that if they want into your email because you didn't delete/wipe they could.

Peace...

04-23-05, 06:49   #24
Hippie3
i doubt it.
without your key
pgp is uncrackable.

04-23-05, 07:34   #25
dukex
I should have been a little more specific. As far as sending/receiving emails I think you would be fine. If I had possession of your computer I believe I could brute force your passphrase, let alone what the federallys could do.

Why do I think I can? 'Cause 90% of the passwords and passphrases are between 6-8 characters and even lowercase. That could be brute forced in a few hours. We could do a whole topic on this password/phrase strength.

This is all good discussion but I still think the feds have the master key.

Peace...

04-23-05, 07:37   #26
Hippie3
well, possession of my computer
by anyone other than me
is something i intend to prevent.
keep a can of gas nearby...

04-23-05, 07:42   #27
dukex
You are busy this morning

Exactly my sentiment with the gas.

Peace...
__________________
"It's time to kick ass and chew bubble gum and I'm all out of gum."
Old 04-23-05, 07:53   #28 (permalink)
Pilot of the Future
 
the_other_chap's Avatar
 
Join Date: Apr 1970
Posts: 845
the_other_chap LEVEL +450 : WEBGOD
Quote:
Originally Posted by dukex
Why do I think I can? cause 90% of the passwords and passphrases are between 6-8 characters and even lowercase. That could be brute forced in a few hours. We could do a whole topic on this password/phrase strength.
Yes, but PGP gives you an indication of your passphrase strength as you're typing it. It doesn't reach "full" strength until at least 25 characters.
Quote:
This is all good discussion but I still think the feds have the master key.
That's one of the good points about PGP, there is no possible "master key".
The source code of PGP is available for examination (and compiling yourself if you wish) so any "backdoors" would have been busted long ago.

If you want to encrypt your mail or files, I think PGP is probably one of the best ways of doing it.
Here's some info about PGP's security: http://axion.physics.ubc.ca/pgp-attack.html

If you google "PGP vulnerability" there's plenty more info.
__________________
Things get too straight, I can't bear it.
I feel stuck, stuck on a pin.
Old 04-23-05, 09:22   #29 (permalink)
Mycophiliac
 
pacingthecage's Avatar
 
Join Date: Apr 2005
Posts: 36
pacingthecage LEVEL +10 - IN GOOD STANDING
Quote:
Originally Posted by the_other_chap
Yes, but PGP gives you an indication of your passphrase strength as you're typing it. It doesn't reach "full" strength until at least 25 characters.
This is true, at least for PGP Corp's 8.1. There is a meter that indicates strength of passphrase as you're typing it in.


Quote:
Originally Posted by dukex
As far as sending/receiving emails I think you would be fine. If I had possession of your computer I believe I could brute force your passphrase let alone what the federallys could do.

Why do I think I can? cause 90% of the passwords and passphrases are between 6-8 characters and even lowercase. That could be brute forced in a few hours. We could do a whole topic on this password/phrase strength.
The point is, I think, PGP security comes down to one thing - the strength of your passphrase. You can make your passphrase as simple or as complicated as you'd like. The more complicated it is, the stronger it is; but also the more inconvenient it becomes - can you memorize all those characters? Do you store your passphrase on your PC or write it down somewhere, thus compromising secrecy?
__________________
"Maybe there is no God, but there ought to be one. Somebody should take the blame for all this crap." - Another Roadside Attraction
Old 04-23-05, 09:30   #30 (permalink)
Mycotopiate
 
dukex's Avatar
 
Join Date: May 1972
Posts: 586
dukex LEVEL +10 - IN GOOD STANDING
"This is true, at least for PGP Corp's 8.1. There is a meter that indicates strength of passphrase as you're typing it in."

It doesn't force you to use 25 characters or to mix upper and lower case with special characters.

"The point is, I think, PGP security comes down to one thing - the strength of your passphrase. You can make your passphrase as simple or as complicated as you'd like. The more complicated it is, the stronger it is; but also the more inconvenient it becomes - can you memorize all those characters? Do you store your passphrase on your PC or write it down somewhere, thus compromising secrecy?"

That was one of the points I was trying to make, thanks for articulating it.

Peace...
__________________
"It's time to kick ass and chew bubble gum and I'm all out of gum."
Old 04-23-05, 10:06   #31 (permalink)
Pilot of the Future
 
the_other_chap's Avatar
 
Join Date: Apr 1970
Posts: 845
the_other_chap LEVEL +450 : WEBGOD
A good passphrase needn't be hard to remember.
Something like "My Large Belly Will Not Fit Through This Door" is fine, and just as safe as "fl33t 0f F00t anD 6r33n dre4MIn6ly sI33P".
__________________
Things get too straight, I can't bear it.
I feel stuck, stuck on a pin.
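
The arithmetic behind the passphrase-length discussion in posts #25 to #31, as an added example that is not part of any post: it sizes the search space for a character-by-character search and for a word-by-word search, and takes the smaller of the two. The guess rate and word-list size are assumptions, and both models treat the characters or words as randomly chosen, so the figures are upper bounds.

```python
import math
import string

GUESSES_PER_SECOND = 1e7   # assumed attacker speed, not a measured figure
WORDLIST_SIZE = 20_000     # assumed size of the attacker's word list

def charset_size(passphrase):
    """Smallest standard character pool that covers every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        size += 33  # space plus the 32 ASCII punctuation characters
    return size

def char_model_bits(passphrase):
    """Search space in bits for a character-by-character search."""
    return len(passphrase) * math.log2(charset_size(passphrase))

def word_model_bits(passphrase, wordlist_size=WORDLIST_SIZE):
    """Search space in bits for a search that tries whole words."""
    return len(passphrase.split()) * math.log2(wordlist_size)

def estimate_bits(passphrase, dictionary_words):
    """The cheaper search sets the real cost, so take the smaller space."""
    bits = char_model_bits(passphrase)
    if dictionary_words:
        bits = min(bits, word_model_bits(passphrase))
    return bits

def hours_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Hours to try every candidate in a space of 2**bits at `rate` guesses/s."""
    return 2.0 ** bits / rate / 3600

# Constructed samples: (passphrase, is it made of ordinary dictionary words?)
SAMPLES = [
    ("qzvkxwpj", False),  # 8 random lowercase letters
    ("My Large Belly Will Not Fit Through This Door", True),
]

if __name__ == "__main__":
    for phrase, is_words in SAMPLES:
        bits = estimate_bits(phrase, is_words)
        print(f"{phrase!r}: {bits:.1f} bits, {hours_to_exhaust(bits):.3g} hours")
```
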
Old 04-23-05, 13:47   #32 (permalink)
Mycotopiate
 
phalanx's Avatar
 
Join Date: Feb 1970
Posts: 599
phalanx LEVEL +50 - WELL-LIKED
Quote:
Originally Posted by Hippie3
well, possession of my computer
by anyone other than me
is something i intend to prevent.
keep a can of gas nearby...
The problem there is that you may burn your house down too unless you have time to bring it outside to burn it. What about a sledge hammer? I'm thinking of a situation where you had only seconds before the cops burst into the room. Maybe you could shoot the hard drive with a gun, but the cops may shoot you when they burst in.

I heard if you throw a hard drive on the ground hard then it is busted and can't be used. Maybe determined cops could re-mount the disc. You could throw the main comp unit out the window if the comp room is high up, but if you hit anyone with it on the way down it would be further trouble.
Old 04-23-05, 13:57   #33 (permalink)
Pilot of the Future
 
the_other_chap's Avatar
 
Join Date: Apr 1970
Posts: 845
the_other_chap LEVEL +450 : WEBGOD
Quote:
Originally Posted by phalanx
I heard if you throw a hard drive on the ground hard then it is busted and can't be used.
Not as true as it used to be. Most drives now can withstand being physically abused, and even if you do break it mechanically, the data is still on the disk platters, and is easy to retrieve.

No method is going to be quick & easy enough to destroy your data when the cops are already at the door. (although a thermite charge to melt the disk in situ might be worth considering)
__________________
Things get too straight, I can't bear it.
I feel stuck, stuck on a pin.
Old 04-23-05, 16:49   #34 (permalink)
Mycophiliac
 
pacingthecage's Avatar
 
Join Date: Apr 2005
Posts: 36
pacingthecage LEVEL +10 - IN GOOD STANDING
Need destruction of your hard drive and FAST?

Money no object?

YOU NEED A DEGAUSSER!

Degaussing: Degaussing, named after the German scientist Carl Friedrich Gauss, is the process of removing permanent magnetism (magnetic hysteresis) from an object. It is accomplished by passing the object through a magnetic field that oscillates with diminishing amplitude.

Degaussing magnetic data storage media

Data are stored in magnetic media, such as hard drives, floppy disks and magnetic tape, by making very small areas called magnetic domains change their magnetic alignment to be in the direction of an applied magnetic field. This phenomenon occurs in much the same way that a compass needle points in the direction of the earth's magnetic field. Degaussing, commonly called erasure, leaves the domains in random patterns with no preference to orientation, thereby rendering previous data unrecoverable. There are some domains whose magnetic alignment is not randomized after degaussing. The information that these domains represent is commonly called magnetic remanence. Proper degaussing will ensure that there is insufficient magnetic remanence to reconstruct the data.

Erasure via degaussing may be accomplished in two ways: in AC erasure, the media is degaussed by applying an alternating field that is reduced in amplitude over time from an initial high value (i.e., AC powered); in DC erasure, the media is saturated by applying a unidirectional field (i.e., DC powered or by employing a permanent magnet). A degausser is a device that can generate a magnetic field for degaussing magnetic storage media.
Source National Computer Security Center TG-025.
http://en.wikipedia.org/wiki/Degauss

The DoD has approved both overwriting and degaussing as methods to clear or purge this media. See Section 4, "Risk Considerations," and DoD 5200.28-M for additional information. Degaussed disks will generally require restoration of factory installed timing tracks. Type I degaussers and approved hand-held magnets can purge this media up to a coercivity level of 1100 oersteds. If hand-held magnets are used, then the magnet must be placed in almost direct contact with the disk, separated by only a tissue to prevent scratching the disk. Sometimes it is possible to insert the magnet between the platters without disassembling them. As a practical matter, if the drive must be disassembled, it is usually easier to destroy the platters than to degauss and then reinstall them.

Recently completed research has indicated that degaussing is an effective method to purge rigid disk media. Large cavity degaussing equipment can be used to erase the data from sealed disk packs and Winchester style hard disk drives while the platters remain in the drive. Care must be exercised to ensure that the disk drive is not encased in a material that conducts a magnetic field. Research has shown that aluminum housings on Winchester disk drives attenuate the degaussing field by only about 2 db. Operational guidance is now being developed for the DoD.
http://all.net/books/standards/remnants/standards.html

All About Degaussers and
Erasure of Magnetic Media
http://www.athana.com/ddequip/allaboutdegaussers.htm

Introducing the

Athana International

V85 Magnetic Media Degaussing Wand

Department of Defense Certified

Features:

Certified by the Department of Defense
Degausses all flat-surface magnetic media
Multi-polar design insures complete erasure
Magnetic shield provides safe storage
Easy-to-use design
Degausser does not require electricity for operation
Holes in handle enable degausser to be hung when not in use
Comes in BlackOps Black, Gunmetal Grey, RogueAgent Red or Hot Pink

Applications:

Government organizations
Military organizations
Financial institutions

Media erased:

Hard disk drives
Disk packs
Drum memory
Flexible disks
Flat surface magnetic memory

**YOURS FOR ONLY**

$1,195.00

http://www.athana.com/ddequip/v85.htm

__________________
"Maybe there is no God, but there ought to be one. Somebody should take the blame for all this crap." - Another Roadside Attraction
Old 04-23-05, 18:25   #35 (permalink)
Mycotopiate
 
phalanx's Avatar
 
Join Date: Feb 1970
Posts: 599
phalanx LEVEL +50 - WELL-LIKED
It sounded ideal until I got to the price.

My apple comp has a thing called File Vault. When activated, it encrypts the home folder and decrypts it when I log in. I don't know how secure it is but the instructions suggest I will be totally fucked if I forget my login password. Maybe there are similar programs available for pcs. All you would have to do is log out and the whole thing is safely encrypted, apparently.
Old 04-23-05, 19:13   #36 (permalink)
DUNG DEALER
 
Hippie3's Avatar
 
Join Date: Feb 2001
Posts: 42,765
Hippie3 Level +5000 Pope
Quote:
you may burn your house down too
yep, i know.
Old 04-25-05, 03:45   #37 (permalink)
Chat Admin
 
shobimono's Avatar
 
Join Date: Jan 1973
Posts: 824
shobimono LEVEL +250 : HONORABLE
Keep in mind that a chain is only as strong as its weakest link

http://www.washingtonpost.com/wp-dyn...2005Mar28.html
Old 04-25-05, 08:39   #38 (permalink)
Mycophiliac
 
pacingthecage's Avatar
 
Join Date: Apr 2005
Posts: 36
pacingthecage LEVEL +10 - IN GOOD STANDING
very good article.

thx.


[ed.
active thread = here
__________________
"Maybe there is no God, but there ought to be one. Somebody should take the blame for all this crap." - Another Roadside Attraction