Date: Sat, 04 Sep 2004 00:18:38 +0100 From: David Kreil <kreil@ebi.ac.uk> To: "Vijay Kaul" <vkaul@ma.rr.com>, freebsd-fs@freebsd.org, freebsd-questions@freebsd.org, freebsd-geom@freebsd.org Cc: David Kreil <kreil@ebi.ac.uk> Subject: Re: gbde blackening feature - how can on disk keys be "destroyed" thoroughly? Message-ID: <200409032318.i83NIcu05679@puffin.ebi.ac.uk> In-Reply-To: Your message of "Fri, 03 Sep 2004 18:05:14 CDT." <opsdrw20wckoo9zg@gogobera.ma.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Vijay,
> I guess I took this off the list. It's OT, in my oppinion.
Oh. Anywhere more appropriate to send it to that you could suggest at all? Now
also trying freebsd-geom - would that have been the better place to send this
to to start with?
> I don't know much of anything about data recovery. But, if you can recover
> data under 20 layers of random writes or 20 iterations of 0s, then how
> *can* you wipe a hard drive? Short, preferably, of setting fire to it :D
Sigh, tricky, yes. Apparently wiping with >20 repeats of random noise does the
trick (say from /dev/random or arc4random generated). The difficulty with
modern file systems / operating systems / disk drives is actually getting the
patterns written to the magnetic media.
I'm writing to the list because both assessing whether there really is a risk
and how to fix it requires quite a bot of knowledge that I lack, like knowing
where to look in the gbde code (maybe I misunderstood?), or writing code that
is disk driver/hardware caching aware and can hence force a flush.
I'd be most grateful for any help or suggestions.
With best regards,
David.
> >
> > Hi,
> >
> >> From what I can see so far, they are simply overwritten with zeros - is
> >> that
> > right? If so, the blackening feature would be much weakend, as once can
> > read
> > up to 20 layers of data even under random data (and more under zeros). I
> > would
> > be most grateful for comments, or suggestions of where/how one could
> > extend
> > the code to do a secure wip of the key areas. Also, I know practically
> > nothing
> > of how I could to best get FreeBSD to physically write to disk
> > (configurability of hardware cache etc permitting).
> >
> > With best regards,
> >
> > David.
> >
> >>
> >> Hello,
> >>
> >> I was wondering whether someone knowledgable about gbde internals could
> >> tell
> >> me how the keys are being destroyed on request under the "blackening
> >> feature".
> >> Ideally, I'd like them to be overwritten with random data at least 20
> >> times
> >> independently, but I suspect it may well be done in a different way.
> >> I'd be
> >> grateful for learning how the blackening works (and why!).
> >>
> >> With many thanks for your help in advance,
> >>
> >> David Kreil.
> >>
> >
> > ------------------------------------------------------------------------
> > Dr David Philip Kreil ("`-''-/").___..--''"`-._
> > Research Fellow `6_ 6 ) `-. ( ).`-.__.`)
> > University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-'
> > ++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,'
> > www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-'
> >
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
>
>
>
> --
> Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
>
------------------------------------------------------------------------
Dr David Philip Kreil ("`-''-/").___..--''"`-._
Research Fellow `6_ 6 ) `-. ( ).`-.__.`)
University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-'
++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-'
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409032318.i83NIcu05679>