From: "Poul-Henning Kamp"
To: David Kreil
Cc: freebsd-fs@freebsd.org, Poul-Henning Kamp, freebsd-questions@freebsd.org
Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly?
Date: Fri, 15 Jul 2005 11:24:18 +0200
Message-ID: <9297.1121419458@phk.freebsd.dk>
In-Reply-To: <200507142037.j6EKbaf12941@parrot.ebi.ac.uk>

In message <200507142037.j6EKbaf12941@parrot.ebi.ac.uk>, David Kreil writes:
>
>Dear Poul-Henning,
>
>After a job induced pause in my strong interest in encryption solutions,
>I have on my return tried to learn what has since changed with gbde. I must
>be missing the obvious because I cannot locate a "changelog" or "release
>notes" document.

Not much has happened :-)

In FreeBSD you need to study the cvs logs to see what happened.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/?hideattic=0

>You have been most helpful in our discussion last year. I have now, in
>particular, been wondering whether you have since at all had a chance of
>revisiting the issue of blackening keys with multiple physical random
>overwrite before resetting them to zero to avoid key recovery by methods
>as available from companies like www.dataclinic.co.uk.

I have talked with some people from various disk manufacturers who
know what they talk about and their unanimous advice is: "forget it".

The geometry of modern disk R/W heads does not allow you to do anything
which will be really efficient.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.