From owner-freebsd-fs@FreeBSD.ORG Sat Sep 4 00:36:52 2004 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 87B9416A4CE; Sat, 4 Sep 2004 00:36:52 +0000 (GMT) Received: from maui.ebi.ac.uk (maui.ebi.ac.uk [193.62.196.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF76E43D48; Sat, 4 Sep 2004 00:36:50 +0000 (GMT) (envelope-from kreil@ebi.ac.uk) Received: from puffin.ebi.ac.uk (puffin.ebi.ac.uk [193.62.196.89]) by maui.ebi.ac.uk (8.11.7+Sun/8.11.7) with ESMTP id i840alF08011; Sat, 4 Sep 2004 01:36:47 +0100 (BST) Received: from puffin.ebi.ac.uk (kreil@localhost) by puffin.ebi.ac.uk (8.11.6/8.11.6) with ESMTP id i840ahM15268; Sat, 4 Sep 2004 01:36:43 +0100 Message-Id: <200409040036.i840ahM15268@puffin.ebi.ac.uk> X-Mailer: exmh version 2.4 06/23/2000 with nmh-1.0.4 To: Len Zettel In-Reply-To: Your message of "Fri, 03 Sep 2004 19:41:18 EDT." <200409031941.18668.zettel@acm.org> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 04 Sep 2004 01:36:43 +0100 From: David Kreil X-EBI-Information: This email is scanned using www.mailscanner.info. X-EBI: Found to be clean X-EBI-SpamCheck: not spam, SpamAssassin (score=-8, required 5, HABEAS_SWE -8.00) cc: freebsd-fs@freebsd.org cc: David Kreil cc: freebsd-geom@freebsd.org cc: freebsd-questions@freebsd.org cc: Vijay Kaul Subject: Re: gbde blackening feature - how can on-disk keys be "destroyed" thoroughly? X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Sep 2004 00:36:52 -0000 Dear LenZ, > Who are you worried about recovering the data, under what circumstances? The value of the blackening feature should be that you can give away the drive and your password, say, under pressure by the [court|mafia|whoever], without compromising any confidential information on the drive. > My best guess is that recovering anything from > even _one_ data over-write is going to require that the recoverer have > physical posession of the drive and very sophisticated equipment > indeed. That means they have to be some branch of a govermnment. Hmm, I much doubt that. True, you need a clean room and a magnetic force microscope. Even standard data recovery firms like www.dataclinic.co.uk, however, can recover data under up to 8 overwrites. (NB: No affiliation or recommendation there.) Government agencies can go deeper (20x or possibly more but it gets increasingly more difficult). > If you are going to attract attention of that caliber there are likely a lot > of other easier means of finding out what you are up to. Sure, like pointing an antenna at my computer while its running ;-) I guess my main point is: If there is a blackening feature which is designed to give users peace of mind about disclosing their password under pressure, and it is known that data can be recovered underneath simple overwrites for a pack of $$ but that writing a random pattern, say 30x, makes the delete safe, I'd much argue in favour of doing the latter. As the areas are small, this should be really quick, too. The problem is getting the multiple overwrites out to the magnetic media, rather than them sitting somewhere in a cache buffer in computer or drive memory. > Otherwise, a good hot fire ought to be pretty final even for the CIA. Actually, the above firm specializes in "Track 0 damage, fire damage, flood damage, impact damage and overwritten data"... So, if a commercial enterprise can offer this, I don't think I'm unduly concerned. Depending on the country, dissolving the magnetic layer in acid or finely grinding it off are considered "final" for classified materials. Now, I'm not interested in an exercise of extreme paranoia. If overwritten keys can, however, easily be recovered then I'd consider this a relative weakness compared to all the sophisticated effort that has gone into the design of gbde and its encryption algorithms. My question hence remains, can someone more knowledgable than me maybe comment on whether I have misunderstood what gbde does, or else how the strength of the blackening could please be improved (i.e., how to do a 30x random wipe bypassing cache in a hardware independent manner)? With best regards, David. ------------------------------------------------------------------------ Dr David Philip Kreil ("`-''-/").___..--''"`-._ Research Fellow `6_ 6 ) `-. ( ).`-.__.`) University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-' ++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,' www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-'