Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 21 May 1999 00:42:02 -0600
From:      Wes Peters <wes@softweyr.com>
To:        Darren Reed <darrenr@reed.wattle.id.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: secure deletion
Message-ID:  <3745003A.874424CD@softweyr.com>
References:  <199905201013.UAA12994@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
Darren Reed wrote:
> 
> So properly in this case means using memset rather than bzero and a
> variable number of passes, correct (with perhaps a programmable pattern) ?
> Being able to verify that the file's contents get nuked to the value the
> pass is meant to have set it to might be worthwhile.
> 
> After the first pass, I'm not sure that there is any meaningful addition
> to the security of the erased data. 

You're wrong here.

> Access to sophisticated machinery is required to circumvent it,

Any anyone with $100 has access to that machinery -- disk recovery houses.
In some cases, you can read it from an ordinary controller; overwriting
disk blocks with zeros often doesn't erase the one bits enough to keep
the head from reading back the same you to were trying to overwrite.

> but if that is what you're trying to protect
> against then why fool yourself by deploying a level of security that is
> known to be less than Government bodies who physically destroying disks.
> 
> I don't think you understand the problem properly if you think it can be
> coded "correctly" - what you're proposing just isn't possible via software
> where one overwrite is pretty much as good as multiple.

But one overwrite isn't anywhere near as good as multiples, especially if
you pay a little attention to how disk drives actually record data.  The
real key is to rotate the individual bits between 1 and 0 multiple times
so you are erasing deeply into the recording media and not leaving
"generations" of data on the platter.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3745003A.874424CD>