From owner-freebsd-fs@FreeBSD.ORG Wed Apr 27 21:17:58 2005 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CBDC316A4CE for ; Wed, 27 Apr 2005 21:17:58 +0000 (GMT) Received: from bgo1smout1.broadpark.no (bgo1smout1.broadpark.no [217.13.4.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id 47A5A43D1F for ; Wed, 27 Apr 2005 21:17:58 +0000 (GMT) (envelope-from des@des.no) Received: from bgo1sminn1.broadpark.no ([217.13.4.93]) by bgo1smout1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id <0IFM00MQ1IWCZ270@bgo1smout1.broadpark.no> for freebsd-fs@freebsd.org; Wed, 27 Apr 2005 23:12:12 +0200 (CEST) Received: from dsa.des.no ([80.203.228.37]) by bgo1sminn1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id <0IFM003IMJ7JIB30@bgo1sminn1.broadpark.no> for freebsd-fs@freebsd.org; Wed, 27 Apr 2005 23:18:55 +0200 (CEST) Received: by dsa.des.no (Pony Express, from userid 666) id 515544516B; Wed, 27 Apr 2005 23:17:56 +0200 (CEST) Received: from xps.des.no (xps.des.no [10.0.0.12]) by dsa.des.no (Pony Express) with ESMTP id AEA9845171; Wed, 27 Apr 2005 23:17:50 +0200 (CEST) Received: by xps.des.no (Postfix, from userid 1001) id A0E5933C09; Wed, 27 Apr 2005 23:17:50 +0200 (CEST) Date: Wed, 27 Apr 2005 23:17:50 +0200 From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) In-reply-to: <200504271918.PAA05842@parse.com> To: Robert Krten Message-id: <867jin2a2p.fsf@xps.des.no> MIME-version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on dsa.des.no References: <200504271918.PAA05842@parse.com> User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix) X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL autolearn=disabled version=3.0.2 X-Spam-Level: cc: freebsd-fs@freebsd.org Subject: Re: Background block scrubbing X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Apr 2005 21:17:58 -0000 "Robert Krten" writes: > Is there a utility that does background unused block scrubbing? > > What I'm thinking of is something that looks for unused blocks on the > disk, and then writes zeros, then random, then more random, etc, to them > for security applications. That's not how it's done. Here's a good explanation of how to do it and why it must be done that way: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html > It would need to have some cooperation from the filesystem so that it cou= ld > lock down a block (or ten, or some number) at a time that it could then go > and "scrub" during idle periods... Since it would only allocate a few > blocks at a time, it wouldn't need to have a mechanism to release them (I= MHO). To do this safely, you have to first scrub the entire disk before partitioning / newfsing it, and when the disk is in use, scrub every single block that has held data but no longer does as soon as it is deallocated, and before reporting the I/O operation complete to the filesystem. Performance would be abysmal (it takes 35 passes to fully scrub each block), so in real life you'd be better off encrypting the disk (using gbde or something similar), and only scrubbing or bulk erasing it when you decomission it. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no