gbde blackening feature - how can on disk keys be "destroyed" thoroughly?
David Kreil
kreil at ebi.ac.uk
Sun Sep 5 07:26:48 PDT 2004
Dear Poul-Henning,
> >> On a modern disk there is no sequence of writes that will guarantee
> >> you that your data is irretrievably lost.
> >> Even if you rewrite a thousand times, you cannot guard yourself against
> >> the sector being replaced by a bad block spare after the first write.
> >
> >Good point. In the rare chance event that this happens, it would indeed be
> >bad news as an attacker would then only have to scan the bad blocks for
> >possible copies of the key.
>
> He still has no way of recognizing the key though...
Right, he'd have to try them all.
> >A simple improvement on the present situation would already be if
> >the keys were not overwritten with zeros but with random bits. I
> >don't know how difficult it would be to attempt to physically write
> >random bits multiple times but it would much strengthen the feature
> >apart from the rare cases when the sectors of the masterkey have
> >been remapped into bad blocks.
>
> Please read the paper, there is a reason why it is zero bits.
Sorry, forgot.
> >What do you think? Is the required effort disproportional to the
> >intended value of the blackening feature?
>
> Blackening adds no significant incremental security imo,
From a security point of view, yes. From a social/civil-liberties/legal point
of view, I felt it was an excellent thing to have.
> on the
> other hand it is feasible to implement it, so I've put it on the
> todo list.
That's great, thanks a lot!
With best regards,
David.
------------------------------------------------------------------------
Dr David Philip Kreil
Research Fellow
University of Cambridge
++44 1223 764107, fax 333992
www.inference.phy.cam.ac.uk/dpk20