gbde blackening feature - how can on disk keys be "destroyed" thoroughly?
Poul-Henning Kamp
phk at phk.freebsd.dk
Fri Jul 15 09:24:22 GMT 2005
In message <200507142037.j6EKbaf12941 at parrot.ebi.ac.uk>, David Kreil writes:
>
>Dear Poul-Henning,
>
>After a job induced pause in my strong interest in encryption solutions,
>I have on my return tried to learn what has since changed with gbde. I must
>be missing the obvious because I cannot locate a "changelog" or "release
>notes" document.

Not much has happened :-)

In FreeBSD you need to study the cvs logs to see what happened.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/?hideattic=0

>You have been most helpful in our discussion last year. I have now, in
>particular, been wondering whether you have since at all had a chance of
>revisiting the issue of blackening keys with multiple physical random
>overwrite before resetting them to zero to avoid key recovery by methods
>as available from companies like www.dataclinic.co.uk.

I have talked with some people from various disk manufacturers who
know what they talk about and their unanimous advice is: "forget it".

The geometry of modern disk R/W heads does not allow you to do anything
which will be really efficient.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.