Background block scrubbing
David Schultz
das at FreeBSD.ORG
Thu Apr 28 15:29:22 PDT 2005
On Thu, Apr 28, 2005, Arne WXrner wrote:
> --- Robert Krten <root at parse.com> wrote:
> > =?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?= sez...
> > > "Robert Krten" <root at parse.com> writes:
> > > > Is there a utility that does background unused block
> > > > scrubbing?
> > > >
> > > > What I'm thinking of is something that looks for unused
> > > > blocks on the
> > > > disk, and then writes zeros, then random, then more
> > > > random, etc, to them for security applications.
> > >
> > > That's not how it's done. Here's a good explanation of how
> > > to do it and why it must be done that way:
> > >
> > > http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
> >
> I think, that article dramatizes the problem a little, because: It
> says itself in the end, that with modern hard discs writing random
> data would be enough (so it is just 8 or so; I did not read the
> whole article and I am not so good in such things, but I do not
If you're truly paranoid, 1000 rewrites isn't enough. Consider,
for instance, that when the disk encounters problems reading a
particular sector, it will automatically reallocate that (logical)
sector somewhere else. Hence, the original sensitive information
remains on the disk no matter how many times the OS tells the disk
to write over the sector.
Furthermore, the firmware programs on modern high-end disk arrays
are just like operating systems in the sense they have their own
bugs, race conditions, etc. Misdirected and phantom writes,
however rare, can also expose your secret data. If you're going
to write your data to disk unencrypted, you have to trust that
everything from the OS I/O path to the device driver to the disk
controller to the disk is working correctly. By simply using
encryption, you can save on all of those rewrites with random
garbage and at the same time take a lot out of the trusted
computing base.
More information about the freebsd-fs
mailing list