From owner-freebsd-fs@FreeBSD.ORG Sun Sep 5 12:13:56 2004 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 175A016A4CE; Sun, 5 Sep 2004 12:13:56 +0000 (GMT) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7286543D31; Sun, 5 Sep 2004 12:13:55 +0000 (GMT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.13.1/8.13.1) with ESMTP id i85CDqxi025406; Sun, 5 Sep 2004 14:13:53 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: David Kreil From: "Poul-Henning Kamp" In-Reply-To: Your message of "Sun, 05 Sep 2004 00:32:59 BST." <200409042332.i84NWxC17377@puffin.ebi.ac.uk> Date: Sun, 05 Sep 2004 14:13:52 +0200 Message-ID: <25405.1094386432@critter.freebsd.dk> Sender: phk@critter.freebsd.dk cc: freebsd-fs@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly? X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Sep 2004 12:13:56 -0000 In message <200409042332.i84NWxC17377@puffin.ebi.ac.uk>, David Kreil writes: >> On a modern disk there is no sequence of writes that will guarantee >> you that your data is iretriveable lost. >> Even if you rewrite a thousand times, you cannot guard yourself against >> the sector being replaced by a bad block spare after the first write. > >Good point. In the rare chance event that this happens, it would indeed be bad >news as an attacker would then only have to scan the bad blocks for possible >copies of the key. He still has no way of recognizing the key though... >A simple improvement on the present situation would already be if >the keys were not overwritten with zeros but with random bits. I >don't know how difficult it would be to attempt to physically write >random bits multiple times but it would much strengthen the feature >apart from the rare cases when the sectors of the masterkey have >been remapped into bad blocks. Please read the paper, there is a reason why it is zero bits. >What do you think? Is the required effort disproportional to the >intended value of the blackening feature? Blackening adds no significant incremental security imo, on the other hand it is feasible to implement it, so I've put it on the todo list. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.