Password-less secure login with SQRL, disk recovery with SpinRite, and data obliteration with Beyond Recall

Posted by Paul Braren on May 22 2014 in Network, Podcasts, Security

    Steve Gibson is on quite a roll lately. Over the past few months, I've had the pleasure of witnessing the evolution of his thinking, with the unfolding of his thought process expertly explained to his listeners. His thoughts and ideas eventually become realities. He has a way of engaging his audience as he describes projects with a great deal of forethought and preparation. Great company on those longer road trips I occasionally take, turning what I'd normally just endure into an actual joy. It's always quite a ride, with Steve by my side. For long drives, or even just mowing.

    [Image: Security Now logo]

    Steve's site above has all the very detailed show notes, and all the podcast play and subscribe details. Did you know that grc.com has been around as long as Google? Yeah, I know, it looks it. Yes, grc.com was registered in December of 1991, as seen on whois:

    Updated Date: 13-nov-2012
    Creation Date: 17-dec-1991
    Expiration Date: 16-dec-2017

    Also notice grc.com's URLs. Yep, they all begin with https://

    Video playback at http://twit.tv/sn

    [Image: SpinRite logo]

    The aging but very capable tool, with the latest version 6.0 release arriving back in 2004, has a wiki page here. I've used SpinRite to help a failing TiVo hard drive stay alive a little longer, getting some shows migrated to a newly upgraded TiVo. I've had some success with it on a variety of failing PC drives as well.

    Coming up in the new version 6.1 will be full support for UEFI BIOS, and the promise of dramatically improved speeds. Given we're up to 6TB drives these days, better speed sounds promising. He's basically written a custom boot environment that'll include the ability to run on a Mac, without having to take the drive out first and put it into a PC. Interesting!

    In Security Now episode 410:

    Steve: So, okay. A little to set the stage here. This was driven by my current R&D effort, essentially, for the next release of SpinRite, which I'm calling 6.1. My intent is not to rewrite SpinRite. That would take a long time. And it's really not necessary for what SpinRite is today. I do, because we've seen that SpinRite is able to recover SSD drives - like as far as we know it's got a great track record of doing that. That to me says, okay, it's not going away anytime soon. So I'm fully looking at a v7 which will actually be a restart because I want to add features that the current user interface just can't handle and, in fact, that whole architecture is not designed for, like going into the file system, having it be file system aware, allowing you to say I want to pull this file off of the drive, rather than just fix the whole drive. Or I want to pull all of my documents. Or I want to prioritize recovering files over recovering space. Or I want to clone a dying drive to another drive. These are things that people have asked about...

    So one aspect is that SpinRite will incorporate its own low-level device drivers to talk directly to the hardware on the motherboard.

    The under-construction beyondrecall.com was registered back on 2-14-2003, as seen on whois.com.

    Recent podcast mention of Beyond Recall drive wipe software at https://www.grc.com/sn/sn-439.pdf:

    ...So he wasn't using SpinRite to bring them back to life to use them, but mostly to be able to run DBAN on them. And so the good news is, not long from now, that will no longer be necessary because there will be a product, an inexpensive product from me, which has already been named, and I've had the trademark for it for years, and that's called "Beyond Recall." And so what the plan is, as soon as I get SpinRite 6.1 finished and out the door, I'm then going to basically take the core of that new technology that I developed to make 6.1 run so fast and repurpose it as a GRC-grade drive-wiping tool, which just ought to blow the doors off DBAN and everything else in terms of its performance because it will use, for example, the 32MB buffer technology that I've got running already in the work that's been done on SpinRite 6.1, where we can do multiple terabytes in the course of a few hours. And so it will bring that kind of wiping, and actually it'll be the second commercial product that GRC has.

    This certainly has the potential to speed up the often arduous end-of-useful-life task, making it easier and faster to destroy any data left on old drives. I'd also guess that commercial applications of this future product seem inevitable.

    [Image: SQRL description]
    [Image: SQRL: An Illustrated Guide]

    And last, and certainly not least, is SQRL. It has by far the broadest potential user base of anything Steve's come up with to date, and I've found the discussion about replacing the username/password scheme we're all accustomed to quite fascinating. This has the potential to revolutionize security on the web.

    Here's the Gibson Research Corporation Secure Quick Reliable Login site. Then along came SQRL follower Ben Cooper, who created a very nice non-technical Illustrated Guide to SQRL.

    Not convinced it's time for something better? Just listen to the most recent Security Now episode 456 at this spot, where Steve discusses Shubham Shah's recent "How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others".
    Great listening on those long drives! If you're interested in what makes Steve tick, and a bit about his upbringing, check out Triangulation 147.
