HPE Community
Disk Enclosures
1751921 Members
4809 Online
108783 Solutions
New Discussion юеВ

Security concern in RAID disk

 
SOLVED
Go to solution
Gordon_3
Regular Advisor

тАО07-26-2006 08:39 PM

тАО07-26-2006 08:39 PM

Security concern in RAID disk

Hi,

Want to ask 1 interesting Q here, do u guys think that, if 1 single disks in a RAID 5 group get handover to some computer experts, is there any way to recovery ANY pieces of information from that disk, my feeling is not possible, coz those information inside that disk is just a fraction of data, which is not meaningful to any system, am I true? Is there any interesting web site has this kind of info? Thx.

Bgds,
Gordon
Gordon
0 Kudos
Reply
6 REPLIES 6
Piergiacomo Perini
Trusted Contributor

тАО07-26-2006 09:32 PM

тАО07-26-2006 09:32 PM

Solution

Re: Security concern in RAID disk

Hi Gordon,
also my feeeling is "not possible" but...
surfing on the net i find this :

http://drivelabs.us/

(no subliminal advertising ;-)


It seems that something could do ...
hth

regards
pg
Reply
Gordon_3
Regular Advisor

тАО07-26-2006 10:27 PM

тАО07-26-2006 10:27 PM

Re: Security concern in RAID disk

Hi,

Yeah I also do a google search and found many similar companies doing same kind of job, but my feeling is that they can only recover when the whole raid group of disks are there, but somehow RAID failure making it not visisible, I quite doubt they can recover anything with just 1 disk...

Bgds,
Gordon
Gordon
0 Kudos
Reply
Jaime Bolanos Rojas.
Honored Contributor

тАО07-26-2006 11:40 PM

тАО07-26-2006 11:40 PM

Re: Security concern in RAID disk

Gordon,

Recover that information is not an easy task, in a raid 5 the parity is distributed across the 3 drives or more that are on the array, so is the data.
I bet that somewhere in this world the is a math genious that might be able to figure out the numbers that he is missing on that one drive, but I can inmagine the price for it, even if the array went bad.

In real life not quite possible - at least not for me - is somebody got that huge amount of money and desire to get that data, they might.

Regards,

jaime.
Work hard when the need comes out.
Reply
Steven E. Protter
Exalted Contributor

тАО07-27-2006 12:39 AM

тАО07-27-2006 12:39 AM

Re: Security concern in RAID disk

Shalom Gordon,

Answer to your original question.

Yes, it is absolutely possible if not trivial for someone to recover usuable data even from one disk in a Raid 5 striping set.

I don't have a website on this, but am certain of this. How much will be recovered will depend on how many disks were in the striping set.

This is one of the reasons we physically destroy instead of re-sell disks coming out of retired computers. We value our secrets.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Hein van den Heuvel
Honored Contributor

тАО07-27-2006 12:40 AM

тАО07-27-2006 12:40 AM

Re: Security concern in RAID disk

Just to state the obvious...

Raid-5 storage always distributes data in chunks. Those chunks can be as small as 8kb, or as large as 4MB, but more likely in the 64 - 128 KB range. So clearly a small file could fit entirely in a single chunck and thuse on single spindle.
A 'strings' like program could retrieve that data.

On the other had, if the raid set was holding a large collection of data, let's take the silly example of a file with 4 million customer records each with credit card numners, names, address and phone numbers. Clearly each disk will have chunks of that file and the security hazard each chunk presents may already be unacceptable.

fwiw,
Hein.
Reply
spex
Honored Contributor

тАО07-27-2006 12:44 AM

тАО07-27-2006 12:44 AM

Re: Security concern in RAID disk

Gordon,

It wouldn't be easy, but it's possible.

The smallest unit of storage of a RAID set is the block. Let's say your RAID has a block size of 64k. This is the smallest unit of IO the array can handle. This implies that for any disk in the set, many chunks consisting of 64k of contiguous data exist. Provided the data isn't encrypted, each non-parity block could be read and analyzed. 64k is a lot of data to work with, and quite a bit could be recovered. Combine this with the fact that a disk holds many blocks, and, even with lots of pieces missing, quite a bit could be taken away.

Of course, with a smaller block size, the task becomes more difficult, as the data becomes less coherent. With a larger block size, the task becomes easier.

Moral of the story: the only way to ensure that private information remains private is to destroy the disk.

PCS
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.