From owner-freebsd-geom@FreeBSD.ORG Fri Sep 3 23:18:41 2004 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C326716A4CE; Fri, 3 Sep 2004 23:18:41 +0000 (GMT) Received: from maui.ebi.ac.uk (maui.ebi.ac.uk [193.62.196.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8C4C43D4C; Fri, 3 Sep 2004 23:18:40 +0000 (GMT) (envelope-from kreil@ebi.ac.uk) Received: from puffin.ebi.ac.uk (puffin.ebi.ac.uk [193.62.196.89]) by maui.ebi.ac.uk (8.11.7+Sun/8.11.7) with ESMTP id i83NIdF28852; Sat, 4 Sep 2004 00:18:39 +0100 (BST) Received: from puffin.ebi.ac.uk (kreil@localhost) by puffin.ebi.ac.uk (8.11.6/8.11.6) with ESMTP id i83NIcu05679; Sat, 4 Sep 2004 00:18:38 +0100 Message-Id: <200409032318.i83NIcu05679@puffin.ebi.ac.uk> X-Mailer: exmh version 2.4 06/23/2000 with nmh-1.0.4 To: "Vijay Kaul" , freebsd-fs@freebsd.org, freebsd-questions@freebsd.org, freebsd-geom@freebsd.org In-Reply-To: Your message of "Fri, 03 Sep 2004 18:05:14 CDT." X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 04 Sep 2004 00:18:38 +0100 From: David Kreil X-EBI-Information: This email is scanned using www.mailscanner.info. X-EBI: Found to be clean X-EBI-SpamCheck: not spam, SpamAssassin (score=-8, required 5, HABEAS_SWE -8.00) cc: David Kreil Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2004 23:18:42 -0000 Dear Vijay, > I guess I took this off the list. It's OT, in my oppinion. Oh. Anywhere more appropriate to send it to that you could suggest at all? Now also trying freebsd-geom - would that have been the better place to send this to to start with? > I don't know much of anything about data recovery. But, if you can recover > data under 20 layers of random writes or 20 iterations of 0s, then how > *can* you wipe a hard drive? Short, preferably, of setting fire to it :D Sigh, tricky, yes. Apparently wiping with >20 repeats of random noise does the trick (say from /dev/random or arc4random generated). The difficulty with modern file systems / operating systems / disk drives is actually getting the patterns written to the magnetic media. I'm writing to the list because both assessing whether there really is a risk and how to fix it requires quite a bot of knowledge that I lack, like knowing where to look in the gbde code (maybe I misunderstood?), or writing code that is disk driver/hardware caching aware and can hence force a flush. I'd be most grateful for any help or suggestions. With best regards, David. > > > > Hi, > > > >> From what I can see so far, they are simply overwritten with zeros - is > >> that > > right? If so, the blackening feature would be much weakend, as once can > > read > > up to 20 layers of data even under random data (and more under zeros). I > > would > > be most grateful for comments, or suggestions of where/how one could > > extend > > the code to do a secure wip of the key areas. Also, I know practically > > nothing > > of how I could to best get FreeBSD to physically write to disk > > (configurability of hardware cache etc permitting). > > > > With best regards, > > > > David. > > > >> > >> Hello, > >> > >> I was wondering whether someone knowledgable about gbde internals could > >> tell > >> me how the keys are being destroyed on request under the "blackening > >> feature". > >> Ideally, I'd like them to be overwritten with random data at least 20 > >> times > >> independently, but I suspect it may well be done in a different way. > >> I'd be > >> grateful for learning how the blackening works (and why!). > >> > >> With many thanks for your help in advance, > >> > >> David Kreil. > >> > > > > ------------------------------------------------------------------------ > > Dr David Philip Kreil ("`-''-/").___..--''"`-._ > > Research Fellow `6_ 6 ) `-. ( ).`-.__.`) > > University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-' > > ++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,' > > www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-' > > > > > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to > > "freebsd-questions-unsubscribe@freebsd.org" > > > > -- > Using Opera's revolutionary e-mail client: http://www.opera.com/m2/ > ------------------------------------------------------------------------ Dr David Philip Kreil ("`-''-/").___..--''"`-._ Research Fellow `6_ 6 ) `-. ( ).`-.__.`) University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-' ++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,' www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-'