Date: Fri, 21 May 1999 00:42:02 -0600 From: Wes Peters <wes@softweyr.com> To: Darren Reed <darrenr@reed.wattle.id.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: secure deletion Message-ID: <3745003A.874424CD@softweyr.com> References: <199905201013.UAA12994@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Darren Reed wrote: > > So properly in this case means using memset rather than bzero and a > variable number of passes, correct (with perhaps a programmable pattern) ? > Being able to verify that the file's contents get nuked to the value the > pass is meant to have set it to might be worthwhile. > > After the first pass, I'm not sure that there is any meaningful addition > to the security of the erased data. You're wrong here. > Access to sophisticated machinery is required to circumvent it, Any anyone with $100 has access to that machinery -- disk recovery houses. In some cases, you can read it from an ordinary controller; overwriting disk blocks with zeros often doesn't erase the one bits enough to keep the head from reading back the same you to were trying to overwrite. > but if that is what you're trying to protect > against then why fool yourself by deploying a level of security that is > known to be less than Government bodies who physically destroying disks. > > I don't think you understand the problem properly if you think it can be > coded "correctly" - what you're proposing just isn't possible via software > where one overwrite is pretty much as good as multiple. But one overwrite isn't anywhere near as good as multiples, especially if you pay a little attention to how disk drives actually record data. The real key is to rotate the individual bits between 1 and 0 multiple times so you are erasing deeply into the recording media and not leaving "generations" of data on the platter. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3745003A.874424CD>