Date: Thu, 20 May 1999 16:42:26 +0100 (BST)
From: Kiril Mitev <kiril@ideaglobal.com>
To: patrick@mindstep.com (Patrick Bihan-Faou)
Cc: darrenr@reed.wattle.id.au, gsutter@pobox.com, wes@softweyr.com, imp@harmony.village.org, ilmar@ints.ru, posix1e@cyrus.watson.org, freebsd-security@FreeBSD.ORG
Subject: Re: secure deletion
Message-ID: <199905201542.QAA25977@idea.co.uk>
In-Reply-To: <19990520145800.B5E31150AF@hub.freebsd.org> from "Patrick Bihan-Faou" at May 20, 99 10:57:52 am
> > In some email I received, Darren Reed wrote:
> > > I don't think you understand the problem properly if you think it can be
> > > coded "correctly" - what you're proposing just isn't possible via software
> > > where one overwrite is pretty much as good as multiple.
>
> I agree with that last statement. An implementation on FreeBSD probably does
> not need to write multiple times to the disk. The added security in that
> case will not matter. What I think is the issue is how much security people
> are seeking. You can see several levels:
>
> - none: files are deleted the way they are now, and it is fine. The
> mechanism provided by FreeBSD when reallocating the disk blocks is good
> enough to ensure the level of confidentiality we are looking after.
>
> - basic: what the original poster was suggesting: writing garbage data (be
> it zero or some pattern) over the deleted chunks. The clear advantage of
> that is that if you try to recover the freed blocks on a system comparable
> to the original system, you will probably not get anything useful out of the
> disk.
>
> - thorough: what government agencies do: physically destroy the disk. But
> this is not really practical when you just intend to erase a single file...
>
> In defense of the "basic" mechanism, I can see people getting worried that
> by just running some program on a disk people can recover data that they
> would wish gone for good. I am not talking about an organization that could
> use all the funky hardware that would be required to find the remanence of
> the magnetic trace left by the data that was on the disk 20 writes ago, but
> just somebody pulling the disk into another system and running recovery
> programs.
>
> I don't think the original poster was considering applications with very
> tight security requirements (like the government may have in some cases).
> But more protection against "casual" hackers (if such a thing exists).
<me too=not>

well, not to split hairs, but if you (1) ARE worried about your disk being
put into another machine to be read by recovery tools,

-> then, you are probably worried about physical access to hardware
-> then you (theoretically) should be worried about locking up your
   hardware, rather than wiping your disk :-0

====
(1) you the generic user, not you Patrick

> Just my 2 cents,
>
>
> Have a nice day.
>
>
> Patrick.
>
> --
> And the Shadoks kept pumping...
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message