From owner-freebsd-hackers@FreeBSD.ORG Wed Feb 27 00:30:18 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2CBCB1065670 for ; Wed, 27 Feb 2008 00:30:18 +0000 (UTC) (envelope-from fbsd06+TQ=e8b94b1b@mlists.homeunix.com) Received: from turtle-out.mxes.net (turtle-out.mxes.net [216.86.168.191]) by mx1.freebsd.org (Postfix) with ESMTP id EBD9713C458 for ; Wed, 27 Feb 2008 00:30:17 +0000 (UTC) (envelope-from fbsd06+TQ=e8b94b1b@mlists.homeunix.com) Received: from mxout-04.mxes.net (mxout-04.mxes.net [216.86.168.179]) by turtle-in.mxes.net (Postfix) with ESMTP id D0905164694 for ; Tue, 26 Feb 2008 19:12:28 -0500 (EST) Received: from gumby.homeunix.com. (unknown [87.81.140.128]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTP id 431A0D05A6 for ; Tue, 26 Feb 2008 19:12:27 -0500 (EST) Date: Wed, 27 Feb 2008 00:12:23 +0000 From: RW To: freebsd-hackers@freebsd.org Message-ID: <20080227001223.5fa02d7d@gumby.homeunix.com.> In-Reply-To: References: <20080223010856.7244.qmail@smasher.org> <47C068B5.2090000@thedarkside.nl> <20080223185620.GA98105@eos.sc1.parodius.com> <1204051337.47c45d89ea6eb@imp.free.fr> X-Mailer: Claws Mail 3.3.0 (GTK+ 2.12.8; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Zeroing sensitive memory chunks [Was: Security Flaw in Popular Disk Encryption Technologies] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2008 00:30:18 -0000 On Tue, 26 Feb 2008 22:49:37 +0300 Eygene Ryabinkin wrote: > Yes, Geoff just responded to my private question: it was Peter > Gutmann, who pointed him to the thing you're talking about. There > is a paper by Peter, > http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/ There's an updated copy of this paper on Gutmann's site that points-out that he was writing about devices that were being decommissioned in the early nineties, and that he's sceptical about anything being recovered from modern drives once they have been overwritten - even once. The idea that that forensic scientists use this kind of technique to recover deleted files is a myth. > I still don't understand how cleaning of a memory area will help > to clean the swapped page, but may be there are some systems which > will update the swapped page on the memory access. That shouldn't be an issue since it's easy to encrypt swap with a one-time key. In FreeBSD you simply append .eli to the swap device name in fstab.