Date:      Fri, 18 Jan 2008 13:35:02 -0500
From:      Bill Moran <wmoran@potentialtech.com>
To:        RW <fbsd06@mlists.homeunix.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Gutman Method on Empty Space
Message-ID:  <20080118133502.efde80a4.wmoran@potentialtech.com>
In-Reply-To: <20080118175831.72929086@gumby.homeunix.com.>
References:  <478F0D5A.9090107@highperformance.net> <20080117081414.GB12470@draenor.org> <478F1049.3000706@boosten.org> <20080117083837.GC12470@draenor.org> <20080117094332.K1563@wojtek.tensor.gdynia.pl> <20080117090210.GD12470@draenor.org> <478F8980.1090301@highperformance.net> <20080118175831.72929086@gumby.homeunix.com.>

In response to RW <fbsd06@mlists.homeunix.com>:

> On Thu, 17 Jan 2008 08:59:44 -0800
> "Jason C. Wells" <jcw@highperformance.net> wrote:
> 
> > Gutmann method might be excessive but any software that uses it shows
> > a seriousness about security. 
> 
> Gutmann himself regards the continued use of his method as "Voodoo"
> 
> Gutmann's paper was about wiping the kind of disks that were being
> disposed of in 1996. The write patterns used in his method are specific
> to drives that were already out of production at the time. For drives
> that were in production, a few random passes are the best that can be
> done. His opinion now is that with modern drive technologies the chances
> of recovering anything useful are virtually zero.
> 
> I've never heard any indication that agencies like the FBI can do it,
> or that commercial companies can provide such a service - at any
> price.  If you are serious about security, one or two passes
> from /dev/random to the device are fine. If you are paranoid about what
> the NSA might be able to do, buy a pickaxe. 

Many companies provide secure disposal services -- which generally involve
dramatic physical destruction of the media.  Seems to me that this is the
accepted approach these days.  You know, they crush the drive, then burn
it, then stomp on the ashes ...

Of course, that only applies if you're disposing of an entire drive.  If
you just want to do a clean wipe of a file, rm -P is enough.  There's no
way for a logged in user to recover what was there before rm overwrote
the file with zeros.  If you're concerned about a user physically
examining a disk then you have to enforce physical security, either
through physically securing the device, or with HDD encryption (via geli
or similar).

If this is an isolated incident (i.e. you accidentally put a sensitive
file on an insecure drive), I think you'll be fine if you overwrite it
from /dev/random once or twice, then rm -P it.

-- 
Bill Moran
http://www.potentialtech.com
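
Added example, not part of the message above or of any FreeBSD tool: a sketch of the "overwrite it from /dev/random once or twice, then rm -P it" procedure as POSIX shell functions. The function names and the RANDOM_SOURCE variable are hypothetical, and it assumes a filesystem that rewrites a file's blocks in place.

```shell
#!/bin/sh
# Added example: random-overwrite a file in place, then remove it.
# RANDOM_SOURCE is an assumed knob; the message names /dev/random.
RANDOM_SOURCE=${RANDOM_SOURCE:-/dev/random}

# overwrite_in_place FILE [PASSES] -- default is two passes.
overwrite_in_place() {
    file=$1
    passes=${2:-2}
    # Refuse symlinks and non-regular files so we never write through a
    # link to an unintended target or onto a device node.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is not a regular file" >&2
        return 1
    fi
    size=$(wc -c < "$file" | tr -d ' ') || return 1
    [ "$size" -gt 0 ] || return 0       # nothing to overwrite
    pass=0
    while [ "$pass" -lt "$passes" ]; do
        # conv=notrunc keeps the file's existing blocks; without it dd
        # truncates first and the filesystem may allocate fresh blocks,
        # leaving the old data untouched on disk.
        head -c "$size" "$RANDOM_SOURCE" |
            dd of="$file" bs=65536 conv=notrunc 2>/dev/null || return 1
        sync                            # flush this pass from the buffer cache
        pass=$((pass + 1))
    done
}

# overwrite_and_remove FILE [PASSES]
overwrite_and_remove() {
    overwrite_in_place "$1" "${2:-2}" || return 1
    # rm -P is the flag from the message; fall back to plain rm where
    # the local rm does not accept -P.
    rm -P -- "$1" 2>/dev/null || rm -f -- "$1"
}
```

The size is measured before the first pass so every pass covers exactly the original byte range and never extends the file.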


