tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: summer of code - scrub feature

In article <>,
Thor Lancelot Simon  <> wrote:
>On Mon, Mar 23, 2009 at 02:26:40AM +0000, Alistair Crooks wrote:
>> If you're going down this route, you should also be encrypting any
>> swap partitions, of course, using tempested hardware, and wearing tin
>> foil on your head.  As ever, this is a question of what's possible,
>> and of securing yourself as much as is economically and comfortably
>> possible.
>That's just silly -- and it goes nowhere to address my basic point,
>which is that causing extra disk writes -- much less the painstakingly
>flushed multiple overwrites that, for example, rm -P does -- today, is
>much, much more expensive than just encrypting the entire volume and
>being done with it.
>I think it's a bad idea to waste effort on zeroizing erased data when
>the same effort could be spent making it easier to do the _cheaper_ 
>operation of just encrypting the data in the first place.  Jibes about
>tinfoil hats are unhelpful, but make them if you like; I am done wasting
>my time being spat on for talking common sense to the sky while it's

I think it is a lot more useful making cgd easy to configure/use during
installation rather than spending a lot of time trying to erase data
and in the end giving the user the false sense of security since we
are not going to be solving the spared sector problem.


Home | Main Index | Thread Index | Old Index