Zeroing sensitive memory chunks [Was: Security Flaw in Popular
Disk Encryption Technologies]
RW
fbsd06 at mlists.homeunix.com
Wed Feb 27 00:30:18 UTC 2008
On Tue, 26 Feb 2008 22:49:37 +0300
Eygene Ryabinkin <rea-fbsd at codelabs.ru> wrote:
> Yes, Geoff just responded to my private question: it was Peter
> Gutmann, who pointed him to the thing you're talking about. There
> is a paper by Peter,
> http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
There's an updated copy of this paper on Gutmann's site that points-out
that he was writing about devices that were being decommissioned in
the early nineties, and that he's sceptical about anything being
recovered from modern drives once they have been overwritten - even
once. The idea that that forensic scientists use this kind of technique
to recover deleted files is a myth.
> I still don't understand how cleaning of a memory area will help
> to clean the swapped page, but may be there are some systems which
> will update the swapped page on the memory access.
That shouldn't be an issue since it's easy to encrypt swap with a
one-time key. In FreeBSD you simply append .eli to the swap
device name in fstab.
More information about the freebsd-hackers
mailing list