Date: Fri, 21 May 1999 00:42:02 -0600 From: Wes Peters <wes@softweyr.com> To: Darren Reed <darrenr@reed.wattle.id.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: secure deletion Message-ID: <3745003A.874424CD@softweyr.com> References: <199905201013.UAA12994@avalon.reed.wattle.id.au>
index | next in thread | previous in thread | raw e-mail
Darren Reed wrote:
>
> So properly in this case means using memset rather than bzero and a
> variable number of passes, correct (with perhaps a programmable pattern) ?
> Being able to verify that the file's contents get nuked to the value the
> pass is meant to have set it to might be worthwhile.
>
> After the first pass, I'm not sure that there is any meaningful addition
> to the security of the erased data.
You're wrong here.
> Access to sophisticated machinery is required to circumvent it,
Any anyone with $100 has access to that machinery -- disk recovery houses.
In some cases, you can read it from an ordinary controller; overwriting
disk blocks with zeros often doesn't erase the one bits enough to keep
the head from reading back the same you to were trying to overwrite.
> but if that is what you're trying to protect
> against then why fool yourself by deploying a level of security that is
> known to be less than Government bodies who physically destroying disks.
>
> I don't think you understand the problem properly if you think it can be
> coded "correctly" - what you're proposing just isn't possible via software
> where one overwrite is pretty much as good as multiple.
But one overwrite isn't anywhere near as good as multiples, especially if
you pay a little attention to how disk drives actually record data. The
real key is to rotate the individual bits between 1 and 0 multiple times
so you are erasing deeply into the recording media and not leaving
"generations" of data on the platter.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3745003A.874424CD>