Date: Fri, 18 Jan 2008 13:35:02 -0500
From: Bill Moran <wmoran@potentialtech.com>
To: RW <fbsd06@mlists.homeunix.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Gutman Method on Empty Space
Message-ID: <20080118133502.efde80a4.wmoran@potentialtech.com>
In-Reply-To: <20080118175831.72929086@gumby.homeunix.com.>
References: <478F0D5A.9090107@highperformance.net>
    <20080117081414.GB12470@draenor.org>
    <478F1049.3000706@boosten.org>
    <20080117083837.GC12470@draenor.org>
    <20080117094332.K1563@wojtek.tensor.gdynia.pl>
    <20080117090210.GD12470@draenor.org>
    <478F8980.1090301@highperformance.net>
    <20080118175831.72929086@gumby.homeunix.com.>
In response to RW <fbsd06@mlists.homeunix.com>:

> On Thu, 17 Jan 2008 08:59:44 -0800
> "Jason C. Wells" <jcw@highperformance.net> wrote:
>
> > Gutmann method might be excessive but any software that uses it shows
> > a seriousness about security.
>
> Gutmann himself regards the continued use of his method as "Voodoo"
>
> Gutmann's paper was about wiping the kind of disks that were being
> disposed of in 1996. The write patterns used in his method are specific
> to drives that were already out of production at the time. For drives
> that were in production, a few random passes are the best that can be
> done. His opinion now is that with modern drive technologies the chances
> of recovering anything useful are virtually zero.
>
> I've never heard any indication that agencies like the FBI can do it,
> or that commercial companies can provide such a service - at any
> price. If you are serious about security, one or two passes
> from /dev/random to the device are fine. If you are paranoid about what
> the NSA might be able to do, buy a pickaxe.

Many companies provide secure disposal services -- which generally involve
dramatic physical destruction of the media. Seems to me that this is the
accepted approach these days. You know, they crush the drive, then burn
it, then stomp on the ashes ...

Of course, that only applies if you're disposing of an entire drive. If
you just want to do a clean wipe of a file, rm -P is enough. There's no
way for a logged in user to recover what was there before rm overwrote
the file with zeros. If you're concerned about a user physically examining
a disk then you have to enforce physical security, either through
physically securing the device, or with HDD encryption (via geli or
similar).

If this is an isolated incident (i.e. you accidentally put a sensitive
file on an insecure drive), I think you'll be fine if you overwrite it
from /dev/random once or twice, then rm -P it.

-- 
Bill Moran
http://www.potentialtech.com
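
The single-file procedure suggested at the end of the message (overwrite from /dev/random once or twice, then rm -P), written out as an added shell example that is not part of the original e-mail. The function names and the WIPE_SRC variable are hypothetical, and the overwrite only reaches the old data where the file system rewrites blocks in place.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption: the file system rewrites blocks in place. On copy-on-write
# file systems, snapshots, or flash media with wear levelling, the old
# blocks can survive an in-place overwrite.

# overwrite_file FILE [PASSES]
# Overwrites FILE in place with random bytes, PASSES times (default 2).
# WIPE_SRC (hypothetical variable) selects the source; default /dev/random.
overwrite_file() {
    file=$1
    passes=${2:-2}
    src=${WIPE_SRC:-/dev/random}

    # Refuse symlinks and non-regular files so the wrong target is never hit.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2
        return 1
    fi

    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -gt 0 ] || return 0   # empty file: nothing to overwrite

    i=0
    while [ "$i" -lt "$passes" ]; do
        # conv=notrunc keeps the existing allocation instead of truncating
        # the file and letting the file system hand out fresh blocks.
        head -c "$size" "$src" |
            dd of="$file" bs=65536 conv=notrunc 2>/dev/null || return 1
        sync                         # push the pass out of the buffer cache
        i=$((i + 1))
    done

    # The length must be unchanged, otherwise part of the file was missed.
    [ "$(wc -c < "$file" | tr -d ' ')" -eq "$size" ]
}

# wipe_and_remove FILE [PASSES]
# Random overwrite followed by the rm -P named in the message; falls back
# to plain rm where rm does not accept -P (for example GNU rm).
wipe_and_remove() {
    overwrite_file "$1" "${2:-2}" || return 1
    rm -P -- "$1" 2>/dev/null || rm -f -- "$1"
}
```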