Date:      Sun, 05 Sep 2004 15:26:42 +0100
From:      David Kreil <kreil@ebi.ac.uk>
To:        "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: gbde blackening feature - how can on disk keys be "destroyed"  thoroughly?
Message-ID:  <200409051426.i85EQgB18118@puffin.ebi.ac.uk>
In-Reply-To: Your message of "Sun, 05 Sep 2004 14:13:52 +0200." <25405.1094386432@critter.freebsd.dk>


Dear Poul-Henning,

> >> On a modern disk there is no sequence of writes that will guarantee
> >> you that your data is irretrievably lost.
> >> Even if you rewrite a thousand times, you cannot guard yourself against
> >> the sector being replaced by a bad block spare after the first write.
> >
> >Good point. In the rare chance event that this happens, it would indeed be
> >bad news as an attacker would then only have to scan the bad blocks for
> >possible copies of the key.
> 
> He still has no way of recognizing the key though...

Right, he'd have to try them all.

> >A simple improvement on the present situation would already be if
> >the keys were not overwritten with zeros but with random bits. I
> >don't know how difficult it would be to attempt to physically write
> >random bits multiple times but it would much strengthen the feature
> >apart from the rare cases when the sectors of the masterkey have
> >been remapped into bad blocks.
> 
> Please read the paper, there is a reason why it is zero bits.

Sorry, forgot.

> >What do you think? Is the required effort disproportional to the
> >intended value of the blackening feature?
> 
> Blackening adds no significant incremental security imo,

From a security point of view, yes. From a social/civil-liberties/legal point
of view, I felt it was an excellent thing to have.

> on the
> other hand it is feasible to implement it, so I've put it on the
> todo list.

That's great, thanks a lot!

With best regards,

David.


------------------------------------------------------------------------
Dr David Philip Kreil                 ("`-''-/").___..--''"`-._
Research Fellow                        `6_ 6  )   `-.  (     ).`-.__.`)
University of Cambridge                (_Y_.)'  ._   )  `._ `. ``-..-'
++44 1223 764107, fax 333992         _..`--'_..-_/  /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20   (il),-''  (li),'  ((!.-'



