From: Len Zettel
To: freebsd-questions@freebsd.org
Cc: freebsd-fs@freebsd.org, David Kreil, freebsd-geom@freebsd.org, Vijay Kaul
Date: Fri, 3 Sep 2004 19:41:18 -0400
Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly?

On Friday 03 September 2004 07:18 pm, David Kreil wrote:
> Dear Vijay,
>
> > I guess I took this off the list. It's OT, in my opinion.
>
> Oh. Anywhere more appropriate to send it to that you could suggest at all?
> Now also trying freebsd-geom - would that have been the better place to
> send this to to start with?
>
> > I don't know much of anything about data recovery. But, if you can
> > recover data under 20 layers of random writes or 20 iterations of 0s,
> > then how *can* you wipe a hard drive? Short, preferably, of setting fire
> > to it :D
>

While I am not an expert in this area, I can not help but wonder---
Who are you worried about recovering the data, under what circumstances?
My best guess is that recovering anything from even _one_ data over-write
is going to require that the recoverer have physical possession of the
drive and very sophisticated equipment indeed. That means they have to be
some branch of a government. If you are going to attract attention of
that caliber there are likely a lot of other easier means of finding out
what you are up to.
Otherwise, a good hot fire ought to be pretty final even for the CIA.
  -LenZ-

> Sigh, tricky, yes. Apparently wiping with >20 repeats of random noise does
> the trick (say from /dev/random or arc4random generated). The difficulty
> with modern file systems / operating systems / disk drives is actually
> getting the patterns written to the magnetic media.
>
> I'm writing to the list because both assessing whether there really is a
> risk and how to fix it requires quite a bit of knowledge that I lack, like
> knowing where to look in the gbde code (maybe I misunderstood?), or writing
> code that is disk driver/hardware caching aware and can hence force a
> flush.
>
> I'd be most grateful for any help or suggestions.
>
> With best regards,
>
> David.
>
> > > Hi,
> > >
> > >> From what I can see so far, they are simply overwritten with zeros -
> > >> is that
> > >
> > > right? If so, the blackening feature would be much weakened, as one can
> > > read
> > > up to 20 layers of data even under random data (and more under zeros).
> > > I would
> > > be most grateful for comments, or suggestions of where/how one could
> > > extend
> > > the code to do a secure wipe of the key areas. Also, I know practically
> > > nothing
> > > of how I could best get FreeBSD to physically write to disk
> > > (configurability of hardware cache etc permitting).
> > >
> > > With best regards,
> > >
> > > David.
> > >
> > >> Hello,
> > >>
> > >> I was wondering whether someone knowledgeable about gbde internals
> > >> could tell
> > >> me how the keys are being destroyed on request under the "blackening
> > >> feature".
> > >> Ideally, I'd like them to be overwritten with random data at least 20
> > >> times
> > >> independently, but I suspect it may well be done in a different way.
> > >> I'd be
> > >> grateful for learning how the blackening works (and why!).
> > >>
> > >> With many thanks for your help in advance,
> > >>
> > >> David Kreil.
> > >
> > > ------------------------------------------------------------------------
> > > Dr David Philip Kreil
> > > Research Fellow
> > > University of Cambridge
> > > ++44 1223 764107, fax 333992
> > > www.inference.phy.cam.ac.uk/dpk20
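
The multi-pass random overwrite and forced flush discussed in this thread, as an added example that is not part of the original messages and is not gbde's code. The function name wipe_range is hypothetical; the code assumes a POSIX system and reads /dev/urandom rather than /dev/random or arc4random.

```c
#define _XOPEN_SOURCE 700   /* for pwrite() */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Write exactly len bytes at offset off, retrying on short writes. */
static int write_all(int fd, const unsigned char *buf, size_t len, off_t off) {
    while (len > 0) {
        ssize_t n = pwrite(fd, buf, len, off);
        if (n <= 0) return -1;
        buf += n; len -= (size_t)n; off += n;
    }
    return 0;
}

/* Fill buf with len bytes from the kernel random device. */
static int fill_random(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    size_t got = 0;
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Overwrite [off, off+len) of path with a fresh random pattern on each of
 * `passes` passes. Returns 0 on success, -1 on any allocation or I/O error. */
int wipe_range(const char *path, off_t off, size_t len, int passes) {
    unsigned char *buf = malloc(len);
    int fd = open(path, O_WRONLY);
    int rc = (buf != NULL && fd >= 0) ? 0 : -1;
    for (int p = 0; rc == 0 && p < passes; p++) {
        /* fsync() makes the kernel push this pass to the device before the
         * next pass starts, so passes are not merged in the buffer cache.
         * Whether the drive's own write cache has committed the data
         * depends on the drive and driver and is not checked here. */
        if (fill_random(buf, len) != 0 || write_all(fd, buf, len, off) != 0 ||
            fsync(fd) != 0)
            rc = -1;
    }
    if (buf) { memset(buf, 0, len); free(buf); }
    if (fd >= 0) close(fd);
    return rc;
}
```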