Date: Fri, 15 Jul 2005 11:24:18 +0200 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: David Kreil <kreil@ebi.ac.uk> Cc: freebsd-fs@freebsd.org, Poul-Henning Kamp <phk@haven.freebsd.dk>, freebsd-questions@freebsd.org Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly? Message-ID: <9297.1121419458@phk.freebsd.dk> In-Reply-To: Your message of "Thu, 14 Jul 2005 21:37:36 BST." <200507142037.j6EKbaf12941@parrot.ebi.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200507142037.j6EKbaf12941@parrot.ebi.ac.uk>, David Kreil writes: > >Dear Poul-Henning, > >After a job induced pause in my strong interest in encryption solutions, >I have on my return tried to learn what has since changed with gbde. I must > be missing the obvious because I cannot locate a "changelog" or "release > notes" document. Not much has happened :-) In FreeBSD you need to study the cvs logs to see what happened. http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/?hideattic=0 >You have been most helpful in our discussion last year. I have now, in >particular, been wondering whether you have since at all had a chance of >revisiting the issue of blackening keys with multiple physical random >overwrite before resetting them to zero to avoid key recovery by methods >as available from companies like www.dataclinic.co.uk. I have talked with some people from various disk manufactureres who know what they talk about and their unanimous advice is: "forget it". The geometry of modern disk R/W heads does not allow you to do anything which will be really efficient. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9297.1121419458>