secure deletion

Kiril Mitev kiril at ideaglobal.com
Thu May 20 15:42:26 GMT 1999


> 
> In some email I received, Darren Reed wrote:
> 
> > I don't think you understand the problem properly if you think it can be
> > coded "correctly" - what you're proposing just isn't possible via software
> > where one overwrite is pretty much as good as multiple.
> 
> I agree with that last statement. An implementation on FreeBSD probably does
> not need to write multiple times to the disk. The added security in that
> case will not matter. What I think is the issue is how much security people
> are seeking. You can see several levels:
> 
> - none: files are deleted the way they are now, and it is fine. The
> mechanism provided by FreeBSD when reallocating the disk blocks is good
> enough to ensure the level of confidentiality we are looking after.
> 
> - basic: what the original poster was suggesting: writing garbage data (be
> it zero or some pattern) over the deleted chunks. The clear advantage of
> that is that if you try to recover the freed blocks on a system comparable
> to the original system, you will probably not get anything useful out of the
> disk.
> 
> - thorough: what government agencies do: physically destroy the disk. But
> this is not really practical when you just intend to erase a single file...
> 
> In defense of the "basic" mechanism, I can see people getting worried that
> by just running some program on a disk people can recover data that they
> would wish gone for good. I am not talking about an organization that could
> use all the funky hardware that would be required to find the remanence of
> the magnetic trace left by the data that was on the disk 20 writes ago, but
> just somebody pulling the disk into another system and running recovery
> programs.
> 
> I don't think the original poster was considering applications with very
> tight security requirements (like the government may have in some cases).
> But more protection against "casual" hackers (if such a thing exists).

<me too=not>

well, not to split hairs, but if you (1) ARE worried about your disk being
put into another machine to be read by recovery tools, 
-> then, you are probably worried about physical access to hardware
-> then you (theoretically) should be worried about locking up your
hardware, rather than wiping your disk :-0

====
(1) you the generic user, not you Patrick 


> Just my 2 cents,
> 
> 
> Have a nice day.
> 
> 
> Patrick.
> 
> --
> Et les Shadoks pompaient...
> 
> 
> 
> To Unsubscribe: send mail to majordomo at FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
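The "basic" level Patrick describes, overwriting a file's blocks with a fixed pattern before freeing them, as an added user-space illustration that is not code from this thread or from FreeBSD; overwrite_file, secure_unlink and demo are hypothetical names, and the sample content is constructed.

```python
import os
import tempfile

CHUNK = 64 * 1024  # bytes written per iteration; any size works

def overwrite_file(path: str, pattern: bytes = b"\x00", passes: int = 1) -> int:
    """Overwrite every byte of an existing file in place, then fsync.

    Returns the file size in bytes. Caveat (hypothetical helper, not a
    FreeBSD facility): this only helps when the filesystem rewrites the same
    physical blocks in place; journaling, copy-on-write and flash wear
    levelling can leave the old blocks intact, which is why the thread talks
    about wiping at the point where the kernel frees the blocks.
    """
    if len(pattern) != 1:
        raise ValueError("pattern must be a single byte")
    size = os.path.getsize(path)
    fill = pattern * CHUNK
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(remaining, CHUNK)
                fh.write(fill[:n])
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the pattern out of the buffer cache
    return size

def secure_unlink(path: str, passes: int = 1) -> int:
    """The thread's "basic" level: overwrite, then unlink. Returns bytes wiped."""
    size = overwrite_file(path, passes=passes)
    os.unlink(path)
    return size

def demo() -> dict:
    """Constructed check on a temp file: the secret is gone before the unlink."""
    secret = b"top secret payroll data\n" * 512  # constructed sample content
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)
    overwrite_file(path, passes=2)
    with open(path, "rb") as fh:
        after = fh.read()
    size = secure_unlink(path)
    return {"size": size, "wiped": after == b"\x00" * len(secret),
            "still_present": secret in after, "exists": os.path.exists(path)}

if __name__ == "__main__":
    print(demo())
```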
