gbde blackening feature - how can on-disk keys be "destroyed" thoroughly?

David Kreil kreil at ebi.ac.uk
Fri Sep 3 17:36:52 PDT 2004


Dear LenZ,

> Who are you worried about recovering the data, under what circumstances?

The value of the blackening feature should be that you can give away the drive 
and your password, say, under pressure by the [court|mafia|whoever], without 
compromising any confidential information on the drive.

> My best guess is that recovering anything from
> even _one_ data over-write is going to require that the recoverer have
> physical possession of the drive and very sophisticated equipment
> indeed.  That means they have to be some branch of a government.

Hmm, I much doubt that. True, you need a clean room and a magnetic force 
microscope. Even standard data recovery firms like www.dataclinic.co.uk, 
however, can recover data under up to 8 overwrites. (NB: No affiliation or 
recommendation there.)

Government agencies can go deeper (20x or possibly more but it gets 
increasingly more difficult).

> If you are going to attract attention of that caliber there are likely a lot
> of other easier means of finding out what you are up to.

Sure, like pointing an antenna at my computer while it's running ;-)

I guess my main point is: If there is a blackening feature which is designed 
to give users peace of mind about disclosing their password under pressure, 
and it is known that data can be recovered underneath simple overwrites for a 
pack of $$ but that writing a random pattern, say 30x, makes the delete safe, 
I'd much argue in favour of doing the latter. As the areas are small, this 
should be really quick, too. The problem is getting the multiple overwrites 
out to the magnetic media, rather than them sitting somewhere in a cache 
buffer in computer or drive memory.

> Otherwise, a good hot fire ought to be pretty final even for the CIA.

Actually, the above firm specializes in "Track 0 damage, fire damage, flood 
damage, impact damage and overwritten data"...

So, if a commercial enterprise can offer this, I don't think I'm unduly 
concerned. Depending on the country, dissolving the magnetic layer in acid or 
finely grinding it off are considered "final" for classified materials.

Now, I'm not interested in an exercise of extreme paranoia. If overwritten keys can, however, easily be recovered then I'd consider this a relative weakness compared to all the sophisticated effort that has gone into the design of gbde and its encryption algorithms.

My question hence remains, can someone more knowledgeable than me maybe comment on whether I have misunderstood what gbde does, or else how the strength of the blackening could please be improved (i.e., how to do a 30x random wipe bypassing cache in a hardware independent manner)?

With best regards,

David.


------------------------------------------------------------------------
Dr David Philip Kreil                 ("`-''-/").___..--''"`-._
Research Fellow                        `6_ 6  )   `-.  (     ).`-.__.`)
University of Cambridge                (_Y_.)'  ._   )  `._ `. ``-..-'
++44 1223 764107, fax 333992         _..`--'_..-_/  /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20   (il),-''  (li),'  ((!.-'
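The multi-pass overwrite the message above argues for, as an added example that is neither gbde's code nor anything from the original thread: `wipe_region()` overwrites a byte range of an open file descriptor with fresh `/dev/urandom` bytes for a configurable number of passes (30 here, following the post) and calls `fsync()` after every pass so each pattern leaves the operating system's buffer cache before the next one is written. The function names, the 512-byte "sector" and the `CONSTRUCTED-FAKE-KEY-MATERIAL` string in `wipe_demo()` are constructed for the demonstration. The caveat the post itself raises still applies: `fsync()` only pushes data through the OS cache, not the drive's own write cache, and on a journaling or copy-on-write filesystem (or a flash device doing wear levelling) the passes may land on different physical locations than the original key, so this is only the portable userland half of the problem.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Number of random overwrite passes; the post argues for about 30. */
#define WIPE_PASSES 30

/* Fill buf with len bytes from /dev/urandom. Returns 0 on success, -1 on failure. */
static int fill_random(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Overwrite [offset, offset+len) of fd with fresh random bytes `passes` times,
 * forcing each pass out of the OS buffer cache with fsync() before the next.
 * Returns the number of passes completed (== passes) or -1 on any error.
 * fsync() does NOT guarantee the drive's own write cache has been flushed. */
int wipe_region(int fd, off_t offset, size_t len, int passes) {
    unsigned char *buf = malloc(len);
    if (!buf) return -1;
    int done = 0;
    for (; done < passes; done++) {
        if (fill_random(buf, len) != 0) break;
        if (pwrite(fd, buf, len, offset) != (ssize_t)len) break;
        if (fsync(fd) != 0) break;
    }
    memset(buf, 0, len);   /* do not leave the last pattern lying in process memory */
    free(buf);
    return done == passes ? done : -1;
}

/* Self-check on a temporary file: writes a constructed fake key into a 512-byte
 * "sector", wipes just the key bytes, and verifies that those bytes changed while
 * the surrounding bytes did not. Returns 1 on success, 0 on failure. */
int wipe_demo(void) {
    char path[] = "/tmp/wipe_demo_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return 0;

    unsigned char sector[512];
    memset(sector, 'A', sizeof sector);
    const char fake_key[] = "CONSTRUCTED-FAKE-KEY-MATERIAL";   /* placeholder, not a real key */
    const size_t key_off = 100, key_len = sizeof fake_key;
    memcpy(sector + key_off, fake_key, key_len);

    int ok = 0;
    if (pwrite(fd, sector, sizeof sector, 0) == (ssize_t)sizeof sector &&
        wipe_region(fd, (off_t)key_off, key_len, WIPE_PASSES) == WIPE_PASSES) {
        unsigned char back[512];
        if (pread(fd, back, sizeof back, 0) == (ssize_t)sizeof back &&
            memcmp(back + key_off, fake_key, key_len) != 0 &&            /* key gone */
            memcmp(back, sector, key_off) == 0 &&                          /* prefix intact */
            memcmp(back + key_off + key_len, sector + key_off + key_len,
                   sizeof sector - key_off - key_len) == 0)                /* suffix intact */
            ok = 1;
    }
    close(fd);
    unlink(path);
    return ok;
}

int main(void) {
    printf("wipe demo %s\n", wipe_demo() ? "ok" : "FAILED");
    return 0;
}
```

Opening the device or file with `O_SYNC` (where the platform supports it) makes each `pwrite()` synchronous and removes the separate `fsync()` call, but it changes nothing about the drive-side cache question the post is really asking about; that part depends on the hardware and the driver, which is exactly why a purely software-level "30x wipe" cannot promise more than getting the passes out of the host.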
More information about the freebsd-fs mailing list