gbde blackening feature - how can on disk keys be "destroyed" thoroughly?

Poul-Henning Kamp phk at phk.freebsd.dk
Sat Sep 4 01:03:36 PDT 2004


In message <200409032243.i83MhuA02066 at puffin.ebi.ac.uk>, David Kreil writes:
>
>Hi,
>
>From what I can see so far, they are simply overwritten with zeros - is that 
>right? If so, the blackening feature would be much weakened, as one can read 
>up to 20 layers of data even under random data (and more under zeros). I would 
>be most grateful for comments, or suggestions of where/how one could extend 
>the code to do a secure wipe of the key areas. Also, I know practically nothing 
>of how I could best get FreeBSD to physically write to disk 
>(configurability of hardware cache etc permitting).

On a modern disk there is no sequence of writes that will guarantee
you that your data is irretrievably lost.

Even if you rewrite a thousand times, you cannot guard yourself against
the sector being replaced by a bad block spare after the first write.

If your threat-analysis indicates this is a serious threat for you,
you should arrange for simple physical destruction of your disk to
be available.

Most modern disks have one or more holes in the metal only covered
by a metallic sticker.  Pouring sulfuric acid through those openings
is a good start.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


More information about the freebsd-fs mailing list