From: grarpamp
Date: Sat, 15 Jan 2022 20:06:14 -0500
Subject: Zeroing Storage Devices [re: dd, #OpenFabs #CryptoFunding #Meshnets]
To: freebsd-questions@freebsd.org
Cc: freebsd-security@freebsd.org, freebsd-net@freebsd.org, freebsd-hardware@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-security

> Nothing on the operating system side of the [disk] controller (and its
> firmware) has got direct access to what's under the hood of the [disk].

Modern disk, tape, usb, ssd, etc... Some of them now show
different read or write speeds depending on whether zero
or random data was read from or written to them... (users may need
to eliminate the system/random bottleneck by pregenerating random
data into say a 1GiB file on a ramdrive source and going to/from
there, /dev/null, /dev/zero.)

Not since the advent, decades ago, of badblock management in
firmware has zero been even a remotely trustable method,
now it's even worse.

Minimum, effective, simple, at-rest data security
protocol for the masses is now...

  buy drive
  dd if=/dev/random of=drive bs=1m
  encrypt drive
  use drive
  destroy key
  dd if=/dev/random of=drive bs=1m
  reuse or destroy drive

None of today's CPU, NIC, plugin-hw, networks [1], etc
are even the slightest bit trustable, at all, period.
So while that protocol will always be needed, you really
must start improving the hardware situation by routing around
and displacing the old top-secret owners of the legacy system
with completely new models...

#OpenFabs, #OpenHW, #OpenAudit, #FormalVerification,
#CryptoFunding, #OpenTrust

High demand exists for a magnitude shift in HW trustability,
a new open platform... total greenfield, highly profitable to
whoever does it first, free-market voluntaryism at work.

[1] While you're at it, lay your own P2P fiber/RF meshnets too.
The legacy internet has refused to encrypt and fully chaff all its
links, and censorship spyveillance control is rampant.
So now you must route around that too with something much
better, built by, for, and with openhw components piecewise
owned and operated by... you, the individual users, outside
central control, p2p, together in freedom, decentralized
distributed encrypted, all around the globe.

The economics of these things are all now possible,
saved from cancelling a decade of monthly subscriptions,
crypto crowdfunding and even share ownership via
privacy-enabled cryptocurrencies DAOs, etc...

And of course, FreeBSD runs on and powers part of it too.

Free your mind, get started, have fun :)
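
The drive lifecycle listed in the post above, as an added example that is not part of the original message: a FreeBSD sh sketch that assumes GELI for the "encrypt drive" step (the post names no tool). The function names and the read-back check are illustrative additions.

```shell
#!/bin/sh
# Constructed sketch of the post's sequence. GELI and every function name
# here are assumptions; the post only says "encrypt drive".
BS=1048576  # 1 MiB as a plain number, accepted by both BSD and GNU dd

# fill_random TARGET [MIB]: overwrite TARGET with random data. With MIB the
# write is bounded (image files); without it dd runs to the end of the device,
# where its final "no space" error is expected. On FreeBSD /dev/urandom is
# the same device as the post's /dev/random.
fill_random() {
    if [ -n "${2:-}" ]; then
        dd if=/dev/urandom of="$1" bs="$BS" count="$2" conv=notrunc 2>/dev/null
    else
        dd if=/dev/urandom of="$1" bs="$BS" 2>/dev/null || true
    fi
}

# zero_blocks TARGET MIB: count 1 MiB blocks that read back as all zeros.
# This shows only what the controller returns for logical blocks; remapped
# or spare areas stay invisible, which is why the key is destroyed as well.
zero_blocks() {
    n=0; i=0
    while [ "$i" -lt "$2" ]; do
        nz=$(dd if="$1" bs="$BS" skip="$i" count=1 2>/dev/null |
             tr -d '\000' | wc -c | tr -d ' ')
        [ "$nz" -eq 0 ] && n=$((n + 1))
        i=$((i + 1))
    done
    echo "$n"
}

# provision DEV: random fill, then encrypt, before any data touches the drive.
provision() {
    fill_random "$1"
    geli init -e AES-XTS -l 256 -s 4096 "$1"  # prompts for a passphrase
    geli attach "$1"                          # plaintext view is DEV.eli
    newfs -U "$1.eli"
}

# retire DEV: destroy the key material, then random fill again.
retire() {
    geli kill "$1"   # erases all GELI key copies on DEV and detaches it
    fill_random "$1"
}

# Runs only when asked, as root: sh lifecycle.sh provision /dev/da0
case "${1:-}" in
    provision|retire) "$1" "${2:?device path required}" ;;
esac
```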