tech-kern archive


Re: GSOC 2012 project clarification



On Mon, 2 Apr 2012 22:02:35 +0200
Matthias Drochner <M.Drochner%fz-juelich.de@localhost> wrote:

> I'm not the originator of that project, but I've recently worked on
> support for SSD trim/erase commands which is quite similar technically.
> If this project materializes, I do offer my help. For now just two
> comments:
> 
> On Sun, 1 Apr 2012 13:04:13 -0400
> Sanket Padawe <sanketp12%gmail.com@localhost> wrote:
> > whenever that flag is set and a file/folder
> > gets deleted i.e. at the point of unlink system call we just need to
> > rewrite all the blocks of that file with some random data and then
> > release those blocks.
> 
> The deletion is generally not at the time of "unlink". It happens when
> the file isn't referenced by anything anymore. It needs to happen
> after that point, but before the file system's allocation management
> gets notified that the data blocks can be reused.
> For performance, this needs to be done asynchronously. It needs some
> knowledge about kernel locking and signaling mechanisms to implement.
> 
> > So by
> > generating some pseudo random numbers we can erase the previous secure
> > data.
> 
> I'm not sure that pseudo-random numbers help security in the general
> case, compared to just zeros. For a plain hard disk, either one is
> good enough. For an SSD, both are useless. A difference would be
> if the device was an encrypted disk because all-0 would be a perfect
> "known plaintext". It should be configurable.

For reference, perhaps see what rm(1) -P option does (and GNU's
shred(1)), which is a commonly used technique: overwrite with 0xff,
overwrite with 0x00, then with some pseudo-random data.  I'm not sure
if the last step is necessary, but it's generally recommended to not
just overwrite with 0x00 but also with 0xff first.

rm(1) tells where to read more:
     The -P option attempts to conform to U.S. DoD 5220-22.M, "National
     Industrial Security Program Operating Manual" ("NISPOM") as updated by
...

Some hardware also supports the feature, and as a second step it might
be nice to be able to use this feature where available...
-- 
Matt
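
The overwrite sequence mentioned in this message (0xff, then 0x00, then pseudo-random data), as an added userland sketch in C. It is not code from rm(1), shred(1) or the NetBSD kernel; the function names `fill_pattern`, `overwrite_pass` and `overwrite_file` are hypothetical.

```c
/* Added example: three-pass overwrite (0xff, 0x00, pseudo-random), then unlink. */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf for pass 0 (0xff), pass 1 (0x00) or pass 2 (pseudo-random). */
static void fill_pattern(unsigned char *buf, size_t n, int pass)
{
    if (pass < 2) {
        memset(buf, pass == 0 ? 0xff : 0x00, n);
        return;
    }
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)rand();   /* pseudo-random, not cryptographic */
}

/* Overwrite the first `size` bytes once and flush them before returning. */
static int overwrite_pass(int fd, off_t size, int pass)
{
    unsigned char buf[4096];
    if (lseek(fd, 0, SEEK_SET) == (off_t)-1)
        return -1;
    for (off_t left = size; left > 0; ) {
        size_t n = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
        fill_pattern(buf, n, pass);
        ssize_t w = write(fd, buf, n);
        if (w <= 0)
            return -1;
        left -= w;
    }
    return fsync(fd);   /* each pass must reach the device before the next */
}

/* Run passes 0..npasses-1 over a regular file; unlink only if all succeed. */
int overwrite_file(const char *path, int npasses, int do_unlink)
{
    struct stat st;
    int rc = 0, fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode))
        rc = -1;
    for (int p = 0; rc == 0 && p < npasses && p < 3; p++)
        rc = overwrite_pass(fd, st.st_size, p);
    close(fd);
    return (rc == 0 && do_unlink) ? unlink(path) : rc;
}
```

This rewrites the file's logical blocks through the file system at the time it is called, so it shows only the pass sequence; the points raised in the thread about when deletion really happens and about SSDs still apply.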

