From owner-freebsd-security Thu Nov 18 20:55:13 1999 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id A99FD14CB0; Thu, 18 Nov 1999 20:55:10 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id XAA42975; Thu, 18 Nov 1999 23:54:58 -0500 (EST) (envelope-from wollman) Date: Thu, 18 Nov 1999 23:54:58 -0500 (EST) From: Garrett Wollman Message-Id: <199911190454.XAA42975@khavrinen.lcs.mit.edu> To: Barrett Richardson Cc: Wes Peters , Kris Kennaway , TrouBle , David G Andersen , freebsd-security@FreeBSD.ORG Subject: Re: secure filesystem wiping In-Reply-To: References: <38347633.22E76DE0@softweyr.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > How about pseudo-random data? Aren't the passes with random data just > a little extra icing? The random(3) PRNG has a period of 2^69 (in its most secure mode), so I'd suggest that it probably is good enough. Just initialize thusly: static char statebuf[256]; initstate(1, statebuf, sizeof statebuf); srandomdev(); > Also, will my system choke if I mmap a 250 MB file on a system > with 32 MB of ram? Not at all. Demand paging works just the same for files as it does for swap. If you look at the output of `systat -v', you'll probably see that you already have many times the size of main memory mapped -- on my 64-MB desktop machine, I have almost 3 GB of extant memory mappings. It is possible, though, that madvise(..., MADV_SEQUENTIAL) might give better behavior. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message