Date: Fri, 15 Jul 2005 11:14:13 +0100 From: David Kreil <kreil@ebi.ac.uk> To: "Poul-Henning Kamp" <phk@haven.freebsd.dk> Cc: freebsd-fs@freebsd.org, David Kreil <kreil@ebi.ac.uk>, freebsd-questions@freebsd.org Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly? Message-ID: <200507151014.j6FAEDt02003@parrot.ebi.ac.uk> In-Reply-To: Your message of "Fri, 15 Jul 2005 11:24:18 %2B0200." <9297.1121419458@phk.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Poul-Henning, Thank you for your fast and friendly reply! > In FreeBSD you need to study the cvs logs to see what happened. > = > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/?hideattic=3D0>; Ah, thanks! > >You have been most helpful in our discussion last year. I have now, in= = > >particular, been wondering whether you have since at all had a chance = of = > >revisiting the issue of blackening keys with multiple physical random = > >overwrite before resetting them to zero to avoid key recovery by metho= ds = > >as available from companies like www.dataclinic.co.uk. > = > I have talked with some people from various disk manufactureres who > know what they talk about and their unanimous advice is: "forget it". > The geometry of modern disk R/W heads does not allow you to do anything= > which will be really efficient. This, however, would not matter due to the beauty of the gbde design! The= = areas that one would need to "wipe" are very small. All we need to thorou= ghly = destroy are the keys, then the rest can safely stay in place. So, even if one doesn't know how to disable device caching, if a typical = disk = cash is 8MB, I suppose one could flush it through by writing 20MB. so, if= one = has |key|20MB bla| on disk and one wrote |random|20MB bla| that should ge= the = "random" bits overwriting the key on disk (but for hardware level sector = remapping but that is a rare event). One would have to bypass the operati= ng = system cache though but I guess you would know how to do that, right? This should take less than 1s on a modern disk, i.e., less than half a mi= nute = for the entire procedure, x4 =3D 1-2 minutes, which should be fast enough= for a = final destruction. Would it be a lot of work for someone knowledgable to implement that? I'd= be = happy to help but my knowledge of FreeBSD internals is sketchy to say the= = least. What do you think? I much look forward to hearing from you. With best regards, David. -------------------------------------------------------------------------= -- Dr David Philip Kreil = Research Fellow, Darwin College, | WWTF Vienna Science Chair of University of Cambridge | Bioinformatics, Dept of Biotechnology, ++44 1223 764107, fax 7092 810040 | c/o IAM / BOKU, A-1190 Muthgasse 18 www.inference.phy.cam.ac.uk/dpk20 | ++43 1 360066830
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507151014.j6FAEDt02003>