Date: Thu, 28 Apr 2005 07:02:49 -0700 (PDT) From: Arne "Wörner" <arne_woerner@yahoo.com> To: Robert Krten <root@parse.com> Cc: freebsd-fs@freebsd.org Subject: Re: Background block scrubbing Message-ID: <20050428140249.88064.qmail@web41203.mail.yahoo.com> In-Reply-To: <200504281304.JAA02215@parse.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Robert Krten <root@parse.com> wrote: > =?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?= sez... > > "Robert Krten" <root@parse.com> writes: > > > Is there a utility that does background unused block > > > scrubbing? > > > > > > What I'm thinking of is something that looks for unused > > > blocks on the > > > disk, and then writes zeros, then random, then more > > > random, etc, to them for security applications. > > > > That's not how it's done. Here's a good explanation of how > > to do it and why it must be done that way: > > > > http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html > I think, that article dramatizes the problem a little, because: It says itself in the end, that with modern hard discs writing random data would be enough (so it is just 8 or so; I did not read the whole article and I am not so good in such things, but I do not know, why it should be possible to know, if a suspected former value of a bit should be the value the attacker is looking for (e. g. MY_DATA, RANDOM_1, RANDOM_2: since just RANDOM_2 is known in the beginning I do not see how an attacker should find MY_DATA by looking at slight variations in magnetization without knowing RANDOM_1); of course it would be necessary to chose good random data (no repetitive/periodic behaviour)). Maybe I should read that article closer... :-) > Gotcha. I wasn't aware it was *35* :-) I was thinking/hoping > more like 3 or 4 with random garbage. > (citation from the above mentioned paper:) "Modern PRML/EPRML" drives (whatever that might be; I think my hard discs both do PRML) just need some random data passes... So you should first check, which kind of drive you need a tool for. Furthermore overwriting the old data once with zeroes should protect you against most attackers... Especially when they are remote attackers, that have to use your operating system for the attack... Maybe you should analysze the kind of attacks, you want to care for: Will they get physical access to your hard disc? Or will they just read from the raw device (/dev/ad0...) with "dd" or so? -Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050428140249.88064.qmail>