Date: Thu, 28 Apr 2005 18:26:21 -0400
From: David Schultz <das@FreeBSD.ORG>
To: Arne Wörner <arne_woerner@yahoo.com>
Cc: Robert Krten <root@parse.com>
Subject: Re: Background block scrubbing
Message-ID: <20050428222621.GA18634@VARK.MIT.EDU>
In-Reply-To: <20050428140249.88064.qmail@web41203.mail.yahoo.com>
References: <200504281304.JAA02215@parse.com> <20050428140249.88064.qmail@web41203.mail.yahoo.com>
On Thu, Apr 28, 2005, Arne Wörner wrote:
> --- Robert Krten <root@parse.com> wrote:
> > Dag-Erling Smørgrav sez...
> > > "Robert Krten" <root@parse.com> writes:
> > > > Is there a utility that does background unused block
> > > > scrubbing?
> > > >
> > > > What I'm thinking of is something that looks for unused
> > > > blocks on the
> > > > disk, and then writes zeros, then random, then more
> > > > random, etc, to them for security applications.
> > >
> > > That's not how it's done. Here's a good explanation of how
> > > to do it and why it must be done that way:
> > >
> > > http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
> >
> I think, that article dramatizes the problem a little, because: It
> says itself in the end, that with modern hard discs writing random
> data would be enough (so it is just 8 or so; I did not read the
> whole article and I am not so good in such things, but I do not

If you're truly paranoid, 1000 rewrites isn't enough. Consider, for instance, that when the disk encounters problems reading a particular sector, it will automatically reallocate that (logical) sector somewhere else. Hence, the original sensitive information remains on the disk no matter how many times the OS tells the disk to write over the sector.

Furthermore, the firmware programs on modern high-end disk arrays are just like operating systems in the sense they have their own bugs, race conditions, etc. Misdirected and phantom writes, however rare, can also expose your secret data.

If you're going to write your data to disk unencrypted, you have to trust that everything from the OS I/O path to the device driver to the disk controller to the disk is working correctly. By simply using encryption, you can save on all of those rewrites with random garbage and at the same time take a lot out of the trusted computing base.
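The reallocation argument above, as an added simulation that is not part of the original thread: a toy drive model (`SimDisk`, constructed here) remaps a logical block to a spare sector when it is flagged bad, so a host-side overwrite of that LBA never reaches the retired copy; writing only ciphertext to the drive means the stale copy is useless without the key. The XOR keystream is a constructed stand-in for a real disk cipher, not a recommendation.

```python
import hashlib
import os

SECTOR = 16  # constructed: tiny sector size to keep the simulation readable

class SimDisk:
    """Toy drive: each LBA maps to a physical sector. When a sector is flagged
    bad, firmware remaps the LBA to a spare and never touches the old one."""
    def __init__(self, n_sectors=8, n_spares=2):
        self.media = [bytes(SECTOR)] * (n_sectors + n_spares)
        self.lba_map = list(range(n_sectors))          # logical -> physical
        self.spares = list(range(n_sectors, n_sectors + n_spares))
        self.retired = []

    def write(self, lba, data):
        self.media[self.lba_map[lba]] = data

    def read(self, lba):
        return self.media[self.lba_map[lba]]

    def mark_bad(self, lba):
        # Reallocation: host keeps using the same LBA; writes go to a spare.
        self.retired.append(self.lba_map[lba])
        self.lba_map[lba] = self.spares.pop(0)

def scrub(disk, lba, passes=1000):
    """Host-side overwrite: many random passes, then zeros."""
    for _ in range(passes):
        disk.write(lba, os.urandom(SECTOR))
    disk.write(lba, bytes(SECTOR))

def raw_hits(disk, needle):
    """Raw-media read that bypasses the LBA map (what a lab recovery sees)."""
    return [p for p, blob in enumerate(disk.media) if blob == needle]

def demo_plaintext():
    disk, secret = SimDisk(), b"TOPSECRET-KEY-01"
    disk.write(3, secret)
    disk.mark_bad(3)      # a read error triggers silent reallocation
    scrub(disk, 3)        # the OS believes LBA 3 is now clean
    return disk.read(3) == bytes(SECTOR), raw_hits(disk, secret)

def demo_encrypted():
    # Toy per-sector keystream (XOR with a SHA-256 digest; constructed stand-in
    # for a real disk cipher). Only ciphertext ever reaches the media.
    disk, secret, key = SimDisk(), b"TOPSECRET-KEY-01", b"constructed-key"
    ks = hashlib.sha256(key + b"lba:3").digest()[:SECTOR]
    disk.write(3, bytes(a ^ b for a, b in zip(secret, ks)))
    disk.mark_bad(3)      # same reallocation, but the stale copy is ciphertext
    return raw_hits(disk, secret)   # destroying `key` is the real erase
```

`demo_plaintext()` returns `(True, [3])`: the host reads back zeros, yet retired physical sector 3 still holds the secret; `demo_encrypted()` returns `[]`.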