From owner-freebsd-security  Thu Nov 18 18: 2:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id EADD914E51; Thu, 18 Nov 1999 18:02:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id D7BE41CD626; Thu, 18 Nov 1999 18:02:11 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Thu, 18 Nov 1999 18:02:11 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: TrouBle <trouble@netquick.net>
Cc: Wes Peters <wes@softweyr.com>, freebsd-security@FreeBSD.ORG
Subject: Re: secure filesystem wiping
In-Reply-To: <3834785B.D1A99603@netquick.net>
Message-ID: <Pine.BSF.4.21.9911181733060.38437-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 18 Nov 1999, TrouBle wrote:

> Wipe is a tool that effectively degauses the surface of a hard
> disk, making it virtually impossible to retrieve the data that was
> stored on it. This is the ultimate in making sure secure data that is
> erased from a hard drive is unrecoverable.

Impressive words!

Now go read the references people have given you in this topic which
explain why THIS CLAIM IS EFFECTIVELY BULLSHIT! No, really, go and read
them. Read. With your eyes.

I don't understand why you think that the person who wrote the Linux tool
is privy to some kind of enlightened knowledge which us poor FreeBSD'ers
(and the security researches who authored the aforementioned papers on
secure deletion) aren't. If Wes Peters wrote some impressive drivel to
attach to his 'obliterate' program about how kick-arse it is, would it
make you happier?

For your future reference, one of the most important axioms in using
security software is:

AXIOM 1) take all claims made by the vendor about the abilities of
their software with a very large handful of NaCl.

Exercise for the novice reader: apply Axiom 1 to the Linux 'wipe' program.

Exercise 2: apply axiom 1 to the secure deletion utility "FileSpanker"
which can be found at http://www.freebsd.org/~kris/filespanker.sh

-Kris

----
Cthulhu for President! For when you're tired of choosing the _lesser_ of
two evils..



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message