gbde blackening feature - how can on disk keys be "destroyed" thoroughly?

Poul-Henning Kamp phk at
Sun Sep 5 05:13:56 PDT 2004

In message <200409042332.i84NWxC17377 at>, David Kreil writes:

>> On a modern disk there is no sequence of writes that will guarantee
>> you that your data is irretrievably lost.
>> Even if you rewrite a thousand times, you cannot guard yourself against
>> the sector being replaced by a bad block spare after the first write.
>Good point. In the rare chance event that this happens, it would indeed be bad 
>news as an attacker would then only have to scan the bad blocks for possible 
>copies of the key.

He still has no way of recognizing the key though...

>A simple improvement on the present situation would already be if
>the keys were not overwritten with zeros but with random bits. I
>don't know how difficult it would be to attempt to physically write
>random bits multiple times but it would much strengthen the feature
>apart from the rare cases when the sectors of the masterkey have
>been remapped into bad blocks.

Please read the paper, there is a reason why it is zero bits.

>What do you think? Is the required effort disproportional to the
>intended value of the blackening feature?

Blackening adds no significant incremental security imo, on the
other hand it is feasible to implement it, so I've put it on the
todo list.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
