Date: Thu, 20 May 1999 10:57:52 -0400
From: "Patrick Bihan-Faou" <patrick@mindstep.com>
To: Darren Reed <darrenr@reed.wattle.id.au>, Gregory Sutter <gsutter@pobox.com>
Cc: darrenr@reed.wattle.id.au, wes@softweyr.com, imp@harmony.village.org, ilmar@ints.ru, posix1e@cyrus.watson.org, freebsd-security@FreeBSD.ORG
Subject: Re: secure deletion
Message-ID: <19990520145800.B5E31150AF@hub.freebsd.org>
In some email I received, Darren Reed wrote:
> I don't think you understand the problem properly if you think it can be
> coded "correctly" - what you're proposing just isn't possible via software
> where one overwrite is pretty much as good as multiple.

I agree with that last statement. An implementation on FreeBSD probably does not need to write multiple times to the disk. The added security in that case will not matter.

What I think is the issue is how much security people are seeking. You can see several levels:

- none: files are deleted the way they are now, and it is fine. The mechanism provided by FreeBSD when reallocating the disk blocks is good enough to ensure the level of confidentiality we are looking for.

- basic: what the original poster was suggesting: writing garbage data (be it zeros or some pattern) over the deleted chunks. The clear advantage of that is that if you try to recover the freed blocks on a system comparable to the original system, you will probably not get anything useful out of the disk.

- thorough: what government agencies do: physically destroy the disk. But this is not really practical when you just intend to erase a single file...

In defense of the "basic" mechanism, I can see people getting worried that by just running some program on a disk people can recover data that they would wish gone for good. I am not talking about an organization that could use all the funky hardware that would be required to find the remanence of the magnetic trace left by the data that was on the disk 20 writes ago, but just somebody pulling the disk into another system and running recovery programs.

I don't think the original poster was considering applications with very tight security requirements (like the government may have in some cases), but more protection against "casual" hackers (if such a thing exists).

Just my 2 cents,

Have a nice day.

Patrick.

--
And the Shadoks kept pumping...
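The "basic" level discussed in the message above, a single overwrite of the file's blocks with zeros or a pattern before the file is unlinked, is shown here as an added user-space example. It is not code from the thread or from FreeBSD; the function names, the 64 KiB chunk size and the sample file contents are my own choices. The docstring records the limits a practitioner should keep in mind: this reaches only the blocks the file currently occupies, not blocks that were freed earlier, and on copy-on-write or journaling filesystems and wear-levelled flash the old data may survive elsewhere.

```python
"""Added example (not from the thread): single-pass overwrite before unlink,
the "basic" secure-deletion level discussed in the message above."""
import os
import tempfile

# Constructed sample content used by make_sample_file(); not real data.
SAMPLE_CONTENT = b"top secret payload " * 5000  # 95000 bytes

CHUNK_SIZE = 64 * 1024  # hypothetical choice; any multiple of the pattern works


def _fill(pattern: bytes, length: int) -> bytes:
    """Return `pattern` repeated and cut to exactly `length` bytes."""
    reps = length // len(pattern) + 1
    return (pattern * reps)[:length]


def overwrite_in_place(path: str, pattern: bytes = b"\x00", passes: int = 1) -> int:
    """Overwrite every byte of the file at `path` with `pattern`, `passes` times,
    forcing each pass to disk with fsync. Returns the file size in bytes.

    Caveats (not limitations of the thread's argument, just of user space):
    - only the blocks currently allocated to this file are touched; blocks
      freed earlier are out of reach from here;
    - copy-on-write or journaling filesystems and SSD wear levelling may keep
      the old contents in blocks this write never reaches.
    The default of one pass follows the thread: more passes add little.
    """
    if not pattern:
        raise ValueError("pattern must be non-empty")
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    chunk = _fill(pattern, CHUNK_SIZE)
    # buffering=0 gives a raw file object, so write() may be partial: loop on it.
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                want = min(remaining, len(chunk))
                written = fh.write(chunk[:want])
                remaining -= written
            os.fsync(fh.fileno())  # push this pass through the page cache
    return size


def is_fully_overwritten(path: str, pattern: bytes = b"\x00") -> bool:
    """Verification step: True if the file now reads back as pure `pattern`."""
    with open(path, "rb") as fh:
        data = fh.read()
    return data == _fill(pattern, len(data))


def secure_unlink(path: str, pattern: bytes = b"\x00", passes: int = 1) -> int:
    """Overwrite, then unlink. Returns the number of bytes overwritten per pass."""
    size = overwrite_in_place(path, pattern, passes)
    os.unlink(path)
    return size


def make_sample_file(content: bytes = SAMPLE_CONTENT) -> str:
    """Create a temporary file holding constructed sample data; returns its path."""
    fd, path = tempfile.mkstemp(prefix="secure-delete-demo-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


def file_exists(path: str) -> bool:
    return os.path.exists(path)


if __name__ == "__main__":
    p = make_sample_file()
    print("bytes overwritten:", overwrite_in_place(p))
    print("reads back as zeros:", is_fully_overwritten(p))
    secure_unlink(p)
    print("still present:", file_exists(p))
```

Running the module creates a scratch file with the constructed payload, overwrites it with zeros, checks that the file reads back as zeros, and unlinks it. Pass a two-byte pattern such as `b"\xaa\x55"` to see the fill logic handle sizes that are not a multiple of the pattern length.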