From: Tom Vier <tmv@comcast.net>
To: Oleg Drokin <green@namesys.com>
Cc: reiserfs-list@namesys.com
Subject: Re: Behavior of tails with respect to shred, wipe, etc
Date: Wed, 30 Oct 2002 02:14:33 -0500
Message-ID: <20021030071433.GA824@yzero>
In-Reply-To: <20021030093628.A5560@namesys.com>

On Wed, Oct 30, 2002 at 09:36:28AM +0300, Oleg Drokin wrote:
> On Tue, Oct 29, 2002 at 09:32:17PM -0500, Tom Vier wrote:
> > > > I guess we should address this issue in reiser4. This is -security-
> > > > feature after all. Hans? It is not clear how to integrate this with
> > > > journalling though.
> > > Zero out all freed blocks (mount option). This will kill write performance
> > > though.
> > you could add support for the +s attr. zero-out current contents on delete.
> 
> That won't work with editors that create a temporary file, write new content into
> it and then rename that temp file into the new one.

true. it has several problems. i think ext2 still doesn't support it,
either.

> > i'm the author of (one) wipe (aka ya-wipe, there's more than one "wipe") and
> > i made a point to be clear in the docs and on wipe.sf.net that encryption is
> > the only complete solution. my app is most useful for using on whole drives,
> 
> Another one (for deleted data to stay deleted) is to zero out all freed blocks
> ;)

yes. you could make that a mount option, but i think it would be pointless.
if the data is that important, encrypt it. if it isn't, but it needs to be
wiped, wipe it when you get rid of the drive.

> > if you're going to sell it on ebay or something, and you want non-secret
> > personal stuff off (or at least invisible to almost all).
> 
> Is that somehow better than badblocks -w /dev/hdX ? ;)

yes, it's supposed to be. i personally wouldn't put my life on the line that
gutmann's or anyone else's wipe patterns are any better than random data,
but some gov agencies require drives be wiped using certain algorithms (the
next version of my wipe is planned to include at least a few). the thing is,
even random data, overwritten 100 times, it's still theoretically possible
to retrieve the plaintext (random head offset, bad sector reallocation,
etc). i consider it just a matter of money. if someone wants to get data off
a drive, it's probably primarily a matter of time and money. the technology
to do atomic level imaging is there.

i highly recommend people read peter gutmann's paper. i have a copy on my
site, his seems to have been moved:

http://wipe.sf.net/secure_del.html

-- 
Tom Vier <tmv@comcast.net>
DSA Key ID 0xE6CB97DA
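
The failure mode raised in the quoted reply above (an editor that saves by writing a temporary file and renaming it over the original), shown as an added example that is not part of the original message or of any tool mentioned in the thread. The function names, file name and sample data are constructed for illustration; the descriptor held open on the old inode stands in for blocks that a real filesystem would free without erasing.

```python
import os
import tempfile

SECRET = b"constructed sample: account 0000 PIN 1234\n"  # constructed data


def editor_style_save(path, new_content):
    """Save like many editors do: write a temp file, then rename over path."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "wb") as f:
        f.write(new_content)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # atomic rename: path now names a different inode


def overwrite_in_place(path):
    """Single-pass zero overwrite of whichever inode path names right now."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())


def demo():
    """Return (inode_changed, current_bytes, old_inode_bytes)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notes.txt")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(SECRET)
        old_inode = os.stat(path).st_ino
        # Keep the old inode reachable so its data can be inspected afterwards.
        old = open(path, "rb")
        editor_style_save(path, b"edited, nothing sensitive\n")
        new_inode = os.stat(path).st_ino
        overwrite_in_place(path)  # only touches the new inode's blocks
        with open(path, "rb") as f:
            current = f.read()
        old.seek(0)
        survived = old.read()
        old.close()
        return old_inode != new_inode, current, survived


if __name__ == "__main__":
    changed, current, survived = demo()
    print("inode changed:", changed)
    print("old content survived overwrite:", survived == SECRET)
```

The overwrite zeroes only the file the path names after the rename; the earlier version's data is untouched, which is why a per-file wipe or a zero-on-delete attribute misses it.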
