From owner-freebsd-security  Thu Nov 18 21:32:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ind.alcatel.com (postal.xylan.com [208.8.0.248])
	by hub.freebsd.org (Postfix) with ESMTP
	id 944C615471; Thu, 18 Nov 1999 21:32:11 -0800 (PST)
	(envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com (mailhub [198.206.181.70])
	by ind.alcatel.com (8.9.3+Sun/8.9.1 (ind.alcatel.com 3.0 [OUT])) with SMTP id VAA26335;
	Thu, 18 Nov 1999 21:27:52 -0800 (PST)
X-Origination-Site: <ind.alcatel.com>
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
	id VAA00351; Thu, 18 Nov 1999 21:27:52 -0800
Received: from softweyr.com ([204.68.178.39]) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL]))
	id AA16860; Thu, 18 Nov 99 21:27:49 PST
Message-Id: <3834DFD4.95D08AFD@softweyr.com>
Date: Thu, 18 Nov 1999 22:27:48 -0700
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: Dug Song <dugsong@monkey.org>
Cc: Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org>,
	security@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: Re: secure filesystem wiping
References: <Pine.BSO.4.10.9911181606420.12081-100000@funky.monkey.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dug Song wrote:
> 
> On Thu, 18 Nov 1999, Jonathon McKitrick wrote:
> 
> > Why isn't it possible to read unallocated sectors and write back sectors
> > full of garbage, or 0xFF?
> 
> this was the topic of a recent thread on comp.security.unix:
> 
> peter gutmann's excellent paper from the 6th USENIX security symposium is
> probably the definitive answer:
> 
>         http://www.fish.com/security/secure_del.html

That's the algorithm my "obliterate" program uses, modulo caching in the
disk controller, etc.  The idea occurred to me this afternoon it would be
relatively easy to wipe the unallocated sectors of a disk if it were
unmounted, right after a fsck or maybe as a final optional pass to fsck.
Such an operation would be excruciatingly slow on a disk of any size,
though.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message