Date: Thu, 18 Nov 1999 14:57:07 -0700 From: Wes Peters <wes@softweyr.com> To: Barrett Richardson <barrett@phoenix.aye.net> Cc: Kris Kennaway <kris@hub.freebsd.org>, TrouBle <trouble@netquick.net>, David G Andersen <danderse@cs.utah.edu>, freebsd-security@FreeBSD.ORG Subject: Re: secure filesystem wiping Message-ID: <38347633.22E76DE0@softweyr.com> References: <Pine.BSF.4.01.9911181153280.26794-100000@phoenix.aye.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Barrett Richardson wrote:
>
> On Wed, 17 Nov 1999, Kris Kennaway wrote:
>
> > On Thu, 18 Nov 1999, TrouBle wrote:
> >
> > > obliterate only wipes the one file you specify.. i want to wipe all the
> > > free space on the disk, without damaging good intact files on it, linux
> > > has a progrtam called wipe that does this, now ill ask again is there
> > > something similiar for freebsd
> >
> > dd if=/dev/zero of=/usr/bigfile || rm -f /usr/bigfile
> >
> > Replace /dev/zero with /dev/urandom according to taste.
> >
> > Kris
> >
>
> Excellant idea, and simple. The problem with modern encoding formats
> is that the previous layer is still somewhat recoverable, and sometimes
> layers before that. The obliterate program overwrites with carefully
> chosen patterns intended to obscure the residual stray magnetic fields
> left by previously written data.
>
> A file that big will be a problem for obliterate though, it'll have to
> be done in strips.
I've tested obliterate on some rather large files (250 MB) and it exhausts
the system entropy pool very quickly, even on a system with a busy network.
Does anyone make a hardware entropy device? ;^)
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38347633.22E76DE0>