gbde blackening feature - how can on disk keys be "destroyed"
phk at phk.freebsd.dk
Sun Sep 5 05:13:56 PDT 2004
In message <200409042332.i84NWxC17377 at puffin.ebi.ac.uk>, David Kreil writes:
>> On a modern disk there is no sequence of writes that will guarantee
>> you that your data is iretriveable lost.
>> Even if you rewrite a thousand times, you cannot guard yourself against
>> the sector being replaced by a bad block spare after the first write.
>Good point. In the rare chance event that this happens, it would indeed be bad
>news as an attacker would then only have to scan the bad blocks for possible
>copies of the key.
He still has no way of recognizing the key though...
>A simple improvement on the present situation would already be if
>the keys were not overwritten with zeros but with random bits. I
>don't know how difficult it would be to attempt to physically write
>random bits multiple times but it would much strengthen the feature
>apart from the rare cases when the sectors of the masterkey have
>been remapped into bad blocks.
Please read the paper, there is a reason why it is zero bits.
>What do you think? Is the required effort disproportional to the
>intended value of the blackening feature?
Blackening adds no significant incremental security imo, on the
other hand it is feasible to implement it, so I've put it on the
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-fs