Date: Fri, 3 Sep 2004 19:41:18 -0400
From: Len Zettel <zettel@acm.org>
To: freebsd-questions@freebsd.org
Cc: Vijay Kaul <vkaul@ma.rr.com>
Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly?
Message-ID: <200409031941.18668.zettel@acm.org>
In-Reply-To: <200409032318.i83NIcu05679@puffin.ebi.ac.uk>
References: <200409032318.i83NIcu05679@puffin.ebi.ac.uk>
On Friday 03 September 2004 07:18 pm, David Kreil wrote:
> Dear Vijay,
>
> > I guess I took this off the list. It's OT, in my opinion.
>
> Oh. Anywhere more appropriate to send it to that you could suggest at all?
> Now also trying freebsd-geom - would that have been the better place to
> send this to to start with?
>
> > I don't know much of anything about data recovery. But, if you can
> > recover data under 20 layers of random writes or 20 iterations of 0s,
> > then how *can* you wipe a hard drive? Short, preferably, of setting fire
> > to it :D
>

While I am not an expert in this area, I can not help but wonder---
Who are you worried about recovering the data, under what circumstances?
My best guess is that recovering anything from even _one_ data over-write
is going to require that the recoverer have physical possession of the drive
and very sophisticated equipment indeed. That means they have to be some
branch of a government. If you are going to attract attention of that caliber
there are likely a lot of other easier means of finding out what you are up to.
Otherwise, a good hot fire ought to be pretty final even for the CIA.
-LenZ-

> Sigh, tricky, yes. Apparently wiping with >20 repeats of random noise does
> the trick (say from /dev/random or arc4random generated). The difficulty
> with modern file systems / operating systems / disk drives is actually
> getting the patterns written to the magnetic media.
>
> I'm writing to the list because both assessing whether there really is a
> risk and how to fix it requires quite a bit of knowledge that I lack, like
> knowing where to look in the gbde code (maybe I misunderstood?), or writing
> code that is disk driver/hardware caching aware and can hence force a
> flush.
>
> I'd be most grateful for any help or suggestions.
>
> With best regards,
>
> David.
>
> > > Hi,
> > >
> > > From what I can see so far, they are simply overwritten with zeros - is
> > > that right? If so, the blackening feature would be much weakened, as one
> > > can read up to 20 layers of data even under random data (and more under
> > > zeros). I would be most grateful for comments, or suggestions of
> > > where/how one could extend the code to do a secure wipe of the key
> > > areas. Also, I know practically nothing of how I could best get FreeBSD
> > > to physically write to disk (configurability of hardware cache etc
> > > permitting).
> > >
> > > With best regards,
> > >
> > > David.
> > >
> > >> Hello,
> > >>
> > >> I was wondering whether someone knowledgeable about gbde internals
> > >> could tell me how the keys are being destroyed on request under the
> > >> "blackening feature". Ideally, I'd like them to be overwritten with
> > >> random data at least 20 times independently, but I suspect it may well
> > >> be done in a different way. I'd be grateful for learning how the
> > >> blackening works (and why!).
> > >>
> > >> With many thanks for your help in advance,
> > >>
> > >> David Kreil.
> > >
> > > ------------------------------------------------------------------------
> > > Dr David Philip Kreil ("`-''-/").___..--''"`-._
> > > Research Fellow `6_ 6 ) `-. ( ).`-.__.`)
> > > University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-'
> > > ++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,'
> > > www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-'
> > >
> > > _______________________________________________
> > > freebsd-questions@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to
> > > "freebsd-questions-unsubscribe@freebsd.org"
> >
> > --
> > Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
>
> ------------------------------------------------------------------------
> Dr David Philip Kreil ("`-''-/").___..--''"`-._
> Research Fellow `6_ 6 ) `-. ( ).`-.__.`)
> University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-'
> ++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,'
> www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-'
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"