Background block scrubbing

Arne Wörner arne_woerner at
Thu Apr 28 07:02:50 PDT 2005

--- Robert Krten <root at> wrote:
> =?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?= sez...
> > "Robert Krten" <root at> writes:
> > > Is there a utility that does background unused block
> > > scrubbing?
> > >
> > > What I'm thinking of is something that looks for unused
> > > blocks on the
> > > disk, and then writes zeros, then random, then more
> > > random, etc, to them for security applications.
> > 
> > That's not how it's done.  Here's a good explanation of how
> > to do it and why it must be done that way:
> > 
> >
I think, that article dramatizes the problem a little, because: It
says itself in the end, that with modern hard discs writing random
data would be enough (so it is just 8 or so; I did not read the
whole article and I am not so good in such things, but I do not
know, why it should be possible to know, if a suspected former
value of a bit should be the value the attacker is looking for (e.
g. MY_DATA, RANDOM_1, RANDOM_2: since just RANDOM_2 is known in
the beginning I do not see how an attacker should find MY_DATA by
looking at slight variations in magnetization without knowing
RANDOM_1); of course it would be necessary to chose good random
data (no repetitive/periodic behaviour)). Maybe I should read that
article closer... :-)

> Gotcha.  I wasn't aware it was *35* :-) I was thinking/hoping
> more like 3 or 4 with random garbage.
(citation from the above mentioned paper:) "Modern PRML/EPRML"
drives (whatever that might be; I think my hard discs both do
PRML) just need some random data passes... So you should first
check, which kind of drive you need a tool for.

Furthermore overwriting the old data once with zeroes should
protect you against most attackers... Especially when they are
remote attackers, that have to use your operating system for the

Maybe you should analysze the kind of attacks, you want to care
for: Will they get physical access to your hard disc? Or will they
just read from the raw device (/dev/ad0...) with "dd" or so?


Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the freebsd-fs mailing list