Date: Fri, 15 Jul 2005 13:58:09 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-fs@FreeBSD.ORG
Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly?
Message-ID: <200507151158.j6FBw96T011930@lurza.secnetix.de>
In-Reply-To: <200507151014.j6FAEDt02003@parrot.ebi.ac.uk>

David Kreil <kreil@ebi.ac.uk> wrote:
> [...]
> So, even if one doesn't know how to disable device caching, if a typical disk
> cache is 8MB, I suppose one could flush it through by writing 20MB. So, if one
> has |key|20MB bla| on disk and one wrote |random|20MB bla| that should get the
> "random" bits overwriting the key on disk (but for hardware level sector
> remapping but that is a rare event). One would have to bypass the operating
> system cache though but I guess you would know how to do that, right?
> This should take less than 1s on a modern disk, i.e., less than half a minute
> for the entire procedure, x4 = 1-2 minutes, which should be fast enough for a
> final destruction.

That sounds like you want to overwrite the same location on
the disk more than a hundred times. That's not even paranoid,
it's completely pointless.

I suggest you read this document, ESPECIALLY the section
"Epilogue" near the end:

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

It suggests that -- with any modern hard disk drive -- a few
passes (say three) of overwriting with random data are
completely sufficient.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
        -- David Bradley, original IBM PC design team
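
The few-pass random overwrite discussed in this thread, as an added example that is not part of the original message and is not gbde code. The function names, the 4 KiB image and the 64-byte key are constructed for illustration; it assumes the target is a device node or image file where writes land in place, and it only flushes the operating system cache (the drive's own write cache and sector remapping, both mentioned in the quoted text, are outside what it controls).

```python
import os
import tempfile

def overwrite_region(path, offset, length, passes=3):
    """Overwrite length bytes at offset with fresh random data, passes times."""
    fd = os.open(path, os.O_WRONLY)
    try:
        for _ in range(passes):
            data = os.urandom(length)      # new random data for every pass
            written = 0
            while written < length:        # pwrite may write fewer bytes than asked
                written += os.pwrite(fd, data[written:], offset + written)
            os.fsync(fd)                   # ask the OS to flush this pass to the device
    finally:
        os.close(fd)
    return passes

def demo():
    """Run on a constructed 4 KiB image holding a constructed 64-byte key."""
    key = bytes(range(64))                 # constructed sample key
    offset = 512                           # hypothetical key location
    image = b"\xaa" * offset + key + b"\xbb" * (4096 - offset - len(key))
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(image)
        path = f.name
    try:
        overwrite_region(path, offset, len(key), passes=3)
        with open(path, "rb") as f:
            after = f.read()
    finally:
        os.unlink(path)
    key_gone = key not in after
    # Only the key region may change; the surrounding sectors must be untouched.
    neighbours_intact = (after[:offset] == image[:offset]
                         and after[offset + len(key):] == image[offset + len(key):])
    return key_gone, neighbours_intact, len(after)

if __name__ == "__main__":
    print(demo())
```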