gbde blackening feature - how can on disk keys be "destroyed"
thoroughly?
David Kreil
kreil at ebi.ac.uk
Fri Jul 15 10:14:29 GMT 2005
Dear Poul-Henning,
Thank you for your fast and friendly reply!
> In FreeBSD you need to study the cvs logs to see what happened.
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/?hideattic=0>
Ah, thanks!
> >You have been most helpful in our discussion last year. I have now, in
> >particular, been wondering whether you have since at all had a chance of
> >revisiting the issue of blackening keys with multiple physical random
> >overwrite before resetting them to zero to avoid key recovery by methods
> >as available from companies like www.dataclinic.co.uk.
>
> I have talked with some people from various disk manufactureres who
> know what they talk about and their unanimous advice is: "forget it".
> The geometry of modern disk R/W heads does not allow you to do anything
> which will be really efficient.
This, however, would not matter due to the beauty of the gbde design! The
areas that one would need to "wipe" are very small. All we need to thoroughly
destroy are the keys, then the rest can safely stay in place.
So, even if one doesn't know how to disable device caching, if a typical disk
cash is 8MB, I suppose one could flush it through by writing 20MB. so, if one
has |key|20MB bla| on disk and one wrote |random|20MB bla| that should ge the
"random" bits overwriting the key on disk (but for hardware level sector
remapping but that is a rare event). One would have to bypass the operating
system cache though but I guess you would know how to do that, right?
This should take less than 1s on a modern disk, i.e., less than half a minute
for the entire procedure, x4 = 1-2 minutes, which should be fast enough for a
final destruction.
Would it be a lot of work for someone knowledgable to implement that? I'd be
happy to help but my knowledge of FreeBSD internals is sketchy to say the
least.
What do you think? I much look forward to hearing from you.
With best regards,
David.
---------------------------------------------------------------------------
Dr David Philip Kreil
Research Fellow, Darwin College, | WWTF Vienna Science Chair of
University of Cambridge | Bioinformatics, Dept of Biotechnology,
++44 1223 764107, fax 7092 810040 | c/o IAM / BOKU, A-1190 Muthgasse 18
www.inference.phy.cam.ac.uk/dpk20 | ++43 1 360066830
More information about the freebsd-fs
mailing list