wipe utility
Derek Martin
invalid at pizzashack.org
Tue Aug 17 22:57:09 EDT 2004
On Tue, Aug 17, 2004 at 09:58:31PM -0400, bscott at ntisys.com wrote:
> Most important of all, in order to make use of data in a filesystem
> journal, you basically need to assume the attacker has achieved full root
> compromise of your system.
Or have gained physical access to the hard disk, which is a lot more
likely... If one had sensitive data on the drive which they were
concerned about someone walking off with... well, that'd be the way to
get it. If the data were valuable to others in some way, it might
even be worth breaking into your home for.
> At that point, you're pretty much fscked, no matter what. They
> could just as easily modify your kernel to divert a copy of
> everything you do to their system, with you none the wiser.
Well, it would probably make the system a lot slower... One might
notice that.
> So, sure, if it gives you a warm fuzzy, go right ahead with the
> "non-journaling filesystems are safer" idea. Wear a tin-foil hat, too.
> You never know -- there might really *be* secret government mind-control
> satellites. :-)
Going with an encrypted partition is a much better idea, if one is
really concerned about this, I'd agree.
> If you were really serious, you would start by never connecting a system
> containing sensitive information to a public network like the Internet.
For mere mortals with financial and logistical constraints, that's not
always an option. Managing IA is about managing risks, but it's also
about managing costs...
> You physically secure the whole computer. It's called "system high".
Really? I've never heard that term before. Have any links?
> Another valid technique is to encrypt data using a long asymmetric key
> kept on removable media, and protected with a strong pass-phrase.
> Decryption is to volatile storage only (i.e., RAM). This achieves much
> better confidentiality than any automated system that has access to the
> secret keys, and also achieves much better availability, as forgetting to
> reset the deadman timer won't destroy anything.
Well, IIRC, the best encryption that Linux can do to a partition is
AES 256. I'm sure that there is third-party security software which
can do better... But can you be sure the third party won't sell out
your data? Also, as above, many people who desire data privacy may
not be able to afford "better" solutions.
> Deadman timers are usually a sign of an amateur. Real systems are secure
> regardless of how long they sit idle.
Do you think NSA can't crack AES 256? If they can, isn't it likely
that others could too? If you need to be certain, a dead-man timer
may have value. Though, there's the question of how effective the
shredding will be at obscuring what was stored there before...
> > Some hard drives, btw, do come with their own security shredding abilities
> > built in.
>
> I haven't seen that. I'm interested. Got any links?
Me too.
--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail. Sorry for the inconvenience. Thank the spammers.
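The "decrypt to RAM only" scheme and the deadman timer argued over above, as an added example that is not part of the thread or of any tool it names. It is a Python illustration of the mechanics only: the key file bytes stand in for a key kept on removable media, the cipher is a labelled toy stand-in for AES (HMAC-SHA256 driven in counter mode, so the code runs with the standard library alone), the sample inputs are constructed, and the clock is injectable so the timeout can be exercised without waiting. Function and class names are mine.

```python
"""Decrypt into a wipeable RAM buffer; a deadman timer zeroes it when idle.

Added example, not code from the gnhlug-discuss thread.  The cipher below is a
toy stand-in for AES, used only so the example runs offline with the stdlib.
"""
import hashlib
import hmac
import time

# Constructed sample inputs: not real secrets, keys or data.
PASSPHRASE = b"correct horse battery staple"
KEY_FILE = bytes(range(64))          # stands in for the key read from removable media
SALT = b"gnhlug-example-salt"
NONCE = b"\x00" * 8


def derive_key(passphrase, key_material, salt):
    """Fold the pass-phrase and the key-file contents into one 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase + key_material, salt, 200_000, dklen=32)


def keystream_xor(key, nonce, data):
    """Toy counter-mode stream (HMAC-SHA256 per 32-byte block).  NOT AES.

    Returns a bytearray so the plaintext lands in a buffer the caller can zero.
    """
    out = bytearray(len(data))
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        for j, b in enumerate(data[i:i + 32]):
            out[i + j] = b ^ block[j]
    return out


class VolatileSecret:
    """Plaintext held only in a bytearray; never written to disk by this class.

    Caveat: CPython gives no guarantee against the interpreter copying the
    buffer (reallocation, swap, core dumps).  mlock/swapoff are outside scope.
    """

    def __init__(self, ciphertext, key, nonce, timeout, clock=time.monotonic):
        self._buf = keystream_xor(key, nonce, ciphertext)   # decrypt into RAM
        self._timeout = timeout
        self._clock = clock
        self._last_use = clock()

    @property
    def alive(self):
        return len(self._buf) > 0

    def use(self):
        """Return a copy of the plaintext and reset the deadman timer."""
        if not self.alive:
            raise RuntimeError("secret already wiped")
        self._last_use = self._clock()
        return bytes(self._buf)

    def check_deadman(self):
        """Call periodically (e.g. from a timer thread).  Returns True if still alive."""
        if self.alive and self._clock() - self._last_use >= self._timeout:
            self.wipe()
        return self.alive

    def wipe(self):
        """Overwrite with zeros, then drop the bytes so len() reports 0."""
        self._buf[:] = bytes(len(self._buf))
        del self._buf[:]


class FakeClock:
    """Injectable clock for demonstrating the timeout without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


if __name__ == "__main__":
    clock = FakeClock()
    key = derive_key(PASSPHRASE, KEY_FILE, SALT)
    ct = bytes(keystream_xor(key, NONCE, b"account 1234: balance 500"))
    secret = VolatileSecret(ct, key, NONCE, timeout=60.0, clock=clock)
    print(secret.use())              # b'account 1234: balance 500'
    clock.now = 61.0
    print(secret.check_deadman())    # False: idle past the timeout, buffer wiped
```

Note the trade-off bscott raises: a missed reset destroys the in-RAM copy but not the ciphertext, so availability is lost only until the key file and pass-phrase are presented again.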