From owner-freebsd-security Thu Nov 18 14: 6: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from angelsguardian.netquick.net (angelsguardian.netquick.net [199.72.47.239])
    by hub.freebsd.org (Postfix) with ESMTP id F0EAF15193;
    Thu, 18 Nov 1999 14:05:53 -0800 (PST) (envelope-from trouble@netquick.net)
Received: from localhost ([127.0.0.1] helo=netquick.net)
    by angelsguardian.netquick.net with esmtp (Exim 3.03 #1) id 11oZh5-000Lxb-00;
    Thu, 18 Nov 1999 17:06:19 -0500
Message-ID: <3834785B.D1A99603@netquick.net>
Date: Thu, 18 Nov 1999 17:06:19 -0500
From: TrouBle
Reply-To: trouble@netquick.net
Organization: Hacked Furbies
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Wes Peters
Cc: Barrett Richardson, David G Andersen, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: secure filesystem wiping
References: <38347544.3D50A536@softweyr.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Will you all take a look at this, this is what I am looking for!!

Wipe is a tool that effectively degausses the surface of a hard disk, making it virtually impossible to retrieve the data that was stored on it. This is the ultimate in making sure secure data that is erased from a hard drive is unrecoverable.

wipe by Tom Vier

Wipe is a secure file wiping utility. However, it does not set the media access bit on scsi commands, therefore it is not 100% secure, unless your drive has no write cache. For maximum security, disable drive write cache on scsi mode page 8. If possible, disable operating system file cache and driver-level buffers. Wipe tries to sync the data to disk via a call to fdatasync(), fsync(), or using O_SYNC. Under linux, the mount option "mand" must be used (see /usr/src/linux/Documentation/mandatory.txt) for mandatory file locks to be enabled.

Wipe should make it extremely difficult for all but the most determined person(s) to recover the original plaintext data. Utilities such as PGP and the GNU Privacy Guard provide strong encryption, but encryption is useless if the original plaintext can be recovered. Wipe uses /dev/urandom, or if unavailable, /dev/random, as a source for entropy. The tiger hash is used for speed. More information on the tiger hash algorithm is at: http://www.cs.technion.ac.il/~biham/Reports/Tiger/

> Or ftp://ftp.xmission.com/pub/users/s/softweyr/pub/obliterate-0.3.tgz
> if you prefer. I swear I'm going to wrap a port-kit around this and
> commit it one of these days. Honest!
>
> Actually, this afternoon is looking good for that.
>
> Comments, jeers, applause, and especially money to wes@softweyr.com. ;^)

Windows 95 (win-DOH-z), n. A thirty-two bit extension and graphical shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor which was used in a PC built by a formerly two bit company that couldn't stand one bit of competition.
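
The overwrite-and-sync behaviour that the quoted wipe description mentions, as an added example that is not part of the original message and is not wipe's own code. It assumes a regular file on a POSIX system, reads random bytes directly from /dev/urandom (falling back to /dev/random) rather than through a tiger-hash generator, and uses the hypothetical names `overwrite_file`, `open_entropy` and `xfer_all`.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Entropy source named in the description: /dev/urandom, else /dev/random. */
static int open_entropy(void) {
    int fd = open("/dev/urandom", O_RDONLY);
    return fd >= 0 ? fd : open("/dev/random", O_RDONLY);
}

/* Read or write exactly n bytes, retrying short transfers. */
static int xfer_all(int fd, unsigned char *buf, size_t n, int do_write) {
    while (n > 0) {
        ssize_t r = do_write ? write(fd, buf, n) : read(fd, buf, n);
        if (r <= 0) return -1;
        buf += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Overwrite a regular file in place `passes` times with random bytes,
 * syncing after each pass. Returns 0 on success, -1 on any error.
 * The file is neither truncated nor unlinked. */
int overwrite_file(const char *path, int passes) {
    unsigned char buf[4096];
    struct stat st;
    int rc = -1;
    int fd = open(path, O_WRONLY);
    int rnd = open_entropy();
    if (fd < 0 || rnd < 0 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) goto out;
    for (int p = 0; p < passes; p++) {
        if (lseek(fd, 0, SEEK_SET) != 0) goto out;
        for (off_t left = st.st_size; left > 0; ) {
            size_t n = left > (off_t)sizeof buf ? sizeof buf : (size_t)left;
            if (xfer_all(rnd, buf, n, 0) != 0 || xfer_all(fd, buf, n, 1) != 0) goto out;
            left -= (off_t)n;
        }
        /* Push this pass out of the OS file cache before the next pass.
         * fsync() does not by itself flush the drive's write cache, which
         * is the caveat the description raises. */
        if (fsync(fd) != 0) goto out;
    }
    rc = 0;
out:
    if (fd >= 0) close(fd);
    if (rnd >= 0) close(rnd);
    return rc;
}
```

Without the per-pass sync, successive passes can be merged in the OS cache so that only the last one ever reaches the disk.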