Date: Thu, 18 Nov 1999 15:04:14 -0800 (PST) From: Alfred Perlstein <bright@wintelcom.net> To: TrouBle <trouble@netquick.net> Cc: Wes Peters <wes@softweyr.com>, Barrett Richardson <barrett@phoenix.aye.net>, David G Andersen <danderse@cs.utah.edu>, freebsd-questions@FreeBSD.ORG Subject: Re: secure filesystem wiping Message-ID: <Pine.BSF.4.05.9911181454270.12797-100000@fw.wintelcom.net> In-Reply-To: <3834785B.D1A99603@netquick.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 18 Nov 1999, TrouBle wrote: > will you all take a look at this, this is what i am looking for!! > > > Wipe is a tool that effectively degauses the surface of a hard > disk, making it virtually impossible to retrieve the data that was > stored on it. This is the ultimate in making sure secure data that is > erased from a hard drive is unrecoverable. This is a load of BS, as Wes pointed out, there isn't a trully secure way to wipe files, all this program does is repeatedly re-write over the data, depending on the underlying filesystem it may not even be doing that (BSD LFS). The most amusing part of the program is the ridiculous steps you must take to make sure Linux _really really really_ is using sync writing... I suggest using some sort of accellerant and sticking it near your drive with a fuse. As always, backups are a good idea however that would sort of negate the whole idea of blowing up the drive. Your best bet is strong encryption, perhaps with cfs (in ports). And as always, please don't cross-post. -Alfred > > wipe by Tom Vier <thomassr@erols.com> > Wipe is a secure file wiping utility. However, it does not set the > media access bit on scsi commands, therefore it is not 100% secure, > unless your drive has no write cache. For maximum security, disable > drive write cache on scsi mode page 8. If possible, disable operating > system file cache and driver-level buffers. Wipe tries to sync the > data to disk via a call to fdatasync(), fsync(), or using > O_SYNC. Under linux, the mount option "mand" must be used (see > /usr/src/linux/Documentation/mandatory.txt) for mandatory file locks > to be enabled. Wipe should make it extremely difficult for all but the > most determined person(s) to recover the original plaintext > data. Utilities such as PGP and the GNU Privacy Guard provide strong > encryption, but encryption is useless if the original plaintext can be > recovered. > Wipe uses /dev/urandom, or if unavailable, /dev/random, as a source > for entropy. The tiger hash is used for speed. More information on the > tiger hash algorithm is at: > http://www.cs.technion.ac.il/~biham/Reports/Tiger/ > > > > > > > Or ftp://ftp.xmission.com/pub/users/s/softweyr/pub/obliterate-0.3.tgz > > if you prefer. I swear I'm going to wrap a port-kit around this and > > commit it one of these days. Honest! > > > > Actually, this afternoon is looking good for that. > > > > Comments, jeers, applause, and especially money to wes@softweyr.com. ;^) > > Windows 95 (win-DOH-z), n. A thirty-two bit extension and graphical > shell to a sixteen bit patch to an eight bit operating system > originally coded for a four bit microprocessor which was used in a PC > built by a formerly two bit company that couldn't stand one bit of > competition. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9911181454270.12797-100000>