gbde blackening feature - how can on disk keys be "destroyed" thoroughly?

Len Zettel zettel at acm.org
Fri Sep 3 16:40:37 PDT 2004


On Friday 03 September 2004 07:18 pm, David Kreil wrote:
> Dear Vijay,
>
> > I guess I took this off the list. It's OT, in my opinion.
>
> Oh. Anywhere more appropriate to send it to that you could suggest at all?
> Now also trying freebsd-geom - would that have been the better place to
> send this to to start with?
>
> > I don't know much of anything about data recovery. But, if you can
> > recover data under 20 layers of random writes or 20 iterations of 0s,
> > then how *can* you wipe a hard drive? Short, preferably, of setting fire
> > to it :D
>
While I am not an expert in this area, I cannot help but wonder---
Who are you worried about recovering the data, under what
circumstances?  My best guess is that recovering anything from
even _one_ data over-write is going to require that the recoverer have
physical possession of the drive and very sophisticated equipment
indeed.  That means they have to be some branch of a government.
If you are going to attract attention of that caliber there are likely a lot
of other easier means of finding out what you are up to.  Otherwise, a
good hot fire ought to be pretty final even for the CIA.
   -LenZ-
> Sigh, tricky, yes. Apparently wiping with >20 repeats of random noise does
> the trick (say from /dev/random or arc4random generated). The difficulty
> with modern file systems / operating systems / disk drives is actually
> getting the patterns written to the magnetic media.
>
> I'm writing to the list because both assessing whether there really is a
> risk and how to fix it requires quite a bit of knowledge that I lack, like
> knowing where to look in the gbde code (maybe I misunderstood?), or writing
> code that is disk driver/hardware caching aware and can hence force a
> flush.
>
> I'd be most grateful for any help or suggestions.
>
> With best regards,
>
> David.
>
> > > Hi,
> > >
> > > From what I can see so far, they are simply overwritten with zeros - is
> > > that right? If so, the blackening feature would be much weakened, as one
> > > can read up to 20 layers of data even under random data (and more under
> > > zeros). I would be most grateful for comments, or suggestions of
> > > where/how one could extend the code to do a secure wipe of the key
> > > areas. Also, I know practically nothing of how I could best get FreeBSD
> > > to physically write to disk (configurability of hardware cache etc
> > > permitting).
> > >
> > > With best regards,
> > >
> > > David.
> > >
> > >> Hello,
> > >>
> > >> I was wondering whether someone knowledgeable about gbde internals
> > >> could tell me how the keys are being destroyed on request under the
> > >> "blackening feature". Ideally, I'd like them to be overwritten with
> > >> random data at least 20 times independently, but I suspect it may well
> > >> be done in a different way. I'd be grateful for learning how the
> > >> blackening works (and why!).
> > >>
> > >> With many thanks for your help in advance,
> > >>
> > >> David Kreil.
> > >
> > > ------------------------------------------------------------------------
> > > Dr David Philip Kreil                 ("`-''-/").___..--''"`-._
> > > Research Fellow                        `6_ 6  )   `-.  (     ).`-.__.`)
> > > University of Cambridge                (_Y_.)'  ._   )  `._ `. ``-..-'
> > > ++44 1223 764107, fax 333992         _..`--'_..-_/  /--'_.' ,'
> > > www.inference.phy.cam.ac.uk/dpk20   (il),-''  (li),'  ((!.-'
> > >
> > >
> > > _______________________________________________
> > > freebsd-questions at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to
> > > "freebsd-questions-unsubscribe at freebsd.org"
> >
> > --
> > Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
>


More information about the freebsd-fs mailing list