From owner-freebsd-hackers@FreeBSD.ORG Fri Nov 28 00:14:51 2003
Return-Path:
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A809716A4CE; Fri, 28 Nov 2003 00:14:51 -0800 (PST)
Received: from smtp.omnis.com (smtp.omnis.com [216.239.128.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id D8E6643FAF; Fri, 28 Nov 2003 00:14:50 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from softweyr.homeunix.net (66-91-236-204.san.rr.com [66.91.236.204]) by smtp-relay.omnis.com (Postfix) with ESMTP id 596F55B6D4; Fri, 28 Nov 2003 00:14:49 -0800 (PST)
From: Wes Peters
Organization: Softweyr
To: "Poul-Henning Kamp", Stefan Eßer
Date: Fri, 28 Nov 2003 00:14:49 -0800
User-Agent: KMail/1.5.4
References: <32476.1069741443@critter.freebsd.dk>
In-Reply-To: <32476.1069741443@critter.freebsd.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200311280014.49356.wes@softweyr.com>
cc: freebsd-hackers@freebsd.org
Subject: Re: "secure" file flag?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 28 Nov 2003 08:14:51 -0000

On Monday 24 November 2003 10:24 pm, Poul-Henning Kamp wrote:
> In message <20031124235738.GA4107@StefanEsser.FreeBSD.org>, Stefan
> Eßer
>
> >And that is what this thread is about: Secure removal of data from
> >storage media. There definitely is a difference between RLL (as in
> >1,7i RLL) and modern PRML drives under this aspect.
>
> No there isn't.
>
> It's been proven again and again that you cannot reliably overwrite
> data on magnetic media. In particular the difference in read/write
> geometry and lack of fine control over head placement makes this
> impossible.
>
> The only reliable way to lose data is to encrypt them and throw the
> key away.

This is the conclusion I came to after pushing the idea around for
months. If you want an interesting problem to work on, come up with a
solution to the keying problem for disk encryption. It somehow needs
to allow automated, unattended reboots during "normal" operations but
prevent attackers from compromising the system.

Maybe you could have the system send an SMS message when it needs a
key, you reply with a one-time key from your mobile phone?

While you're in there, paint that bikeshed blue.

--
Where am I, and what am I doing in this handbasket?

Wes Peters wes@softweyr.com
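The "encrypt it and throw the key away" approach from the quoted message, as an added example that is not part of the original post or of any FreeBSD code: a small Go store keeps each object's ciphertext and a separate per-object AES-256-GCM key; deleting the key is the only step needed to make the object unrecoverable, and the ciphertext is deliberately left untouched on "disk" to show that no overwrite pass is involved. The store, the object names and the sample record are constructed for this demonstration; the two maps stand in for the storage medium and a separately protected key store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// keyedStore models deletion by key destruction (constructed for this example).
// blobs plays the role of the disk: nonce || AES-GCM ciphertext, never overwritten.
// keys plays the role of a small, separately protected key store.
type keyedStore struct {
	blobs map[string][]byte
	keys  map[string][]byte
}

func newKeyedStore() *keyedStore {
	return &keyedStore{blobs: map[string][]byte{}, keys: map[string][]byte{}}
}

var errShredded = errors.New("key destroyed: data is unrecoverable")

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Put encrypts plaintext under a fresh random 256-bit key and stores both parts.
func (s *keyedStore) Put(name string, plaintext []byte) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The object name is bound as associated data, so a blob cannot be
	// quietly moved under a different name and still decrypt.
	ct := aead.Seal(nil, nonce, plaintext, []byte(name))
	s.blobs[name] = append(append([]byte{}, nonce...), ct...)
	s.keys[name] = key
	return nil
}

// Get decrypts the object, or reports that its key has been destroyed.
func (s *keyedStore) Get(name string) ([]byte, error) {
	key, ok := s.keys[name]
	if !ok {
		return nil, errShredded
	}
	blob, ok := s.blobs[name]
	if !ok {
		return nil, errors.New("no such object")
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(name))
}

// Shred makes the object unrecoverable by destroying only its key.
// The ciphertext stays exactly where it is; that is the whole point.
func (s *keyedStore) Shred(name string) {
	if key, ok := s.keys[name]; ok {
		for i := range key {
			key[i] = 0 // zero the in-memory copy before dropping it
		}
		delete(s.keys, name)
	}
}

// CiphertextLen reports how many encrypted bytes are still stored for name.
func (s *keyedStore) CiphertextLen(name string) int {
	return len(s.blobs[name])
}

func main() {
	s := newKeyedStore()
	_ = s.Put("payroll.db", []byte("constructed sample record"))
	pt, _ := s.Get("payroll.db")
	fmt.Printf("before shred: %q\n", pt)
	s.Shred("payroll.db")
	_, err := s.Get("payroll.db")
	fmt.Printf("after shred: %v (ciphertext still %d bytes on disk)\n", err, s.CiphertextLen("payroll.db"))
}
```

The per-object key is what makes shredding selective: a single master key would force all-or-nothing destruction, while one key per object lets one record be made unrecoverable without touching its neighbours. What the example leaves open is exactly the problem the reply raises: where those keys live, and how the machine gets at them again after an unattended reboot without handing them to whoever has the disk.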