To: David Kreil
From: "Poul-Henning Kamp"
In-Reply-To: Your message of "Fri, 03 Sep 2004 23:43:56 BST." <200409032243.i83MhuA02066@puffin.ebi.ac.uk>
Date: Sat, 04 Sep 2004 10:03:11 +0200
Message-ID: <6638.1094284991@critter.freebsd.dk>
cc: freebsd-fs@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly?

In message <200409032243.i83MhuA02066@puffin.ebi.ac.uk>, David Kreil writes:
>
>Hi,
>
>From what I can see so far, they are simply overwritten with zeros - is that
>right? If so, the blackening feature would be much weakened, as one can read
>up to 20 layers of data even under random data (and more under zeros). I would
>be most grateful for comments, or suggestions of where/how one could extend
>the code to do a secure wipe of the key areas. Also, I know practically nothing
>of how I could best get FreeBSD to physically write to disk
>(configurability of hardware cache etc permitting).

On a modern disk there is no sequence of writes that will guarantee
you that your data is irretrievably lost.

Even if you rewrite a thousand times, you cannot guard yourself
against the sector being replaced by a bad block spare after the
first write.

If your threat-analysis indicates this is a serious threat for you,
you should arrange for simple physical destruction of your disk to
be available.

Most modern disks have one or more holes in the metal only covered
by a metallic sticker. Pouring sulfuric acid through those openings
is a good start.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.