Subject: Re: FFS reliability problems
To: None <tech-kern@netbsd.org>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-kern
Date: 06/07/2002 14:29:37
On Fri, Jun 07, 2002 at 10:48:28AM -0700, Bill Studenmund wrote:
> On Fri, 7 Jun 2002, Gary Thorpe wrote:
> > That sounds simple and appropriate but it does not guarantee that the file's
> > old data is not recoverable. As hypothesized, the system may crash before
> > data is written to the disk in the overwrite phase.
> I don't think you can.

Sure you can. Use the CryptFS patches discussed here (or was it on
tech-security? All of tech-* goes to the same mbox for me, so it's a
little hazy) quite recently. (Granted, the data's still there, but
it's much harder to get out.)

Gary, if you *really* want something to be unrecoverable, it must
*never* touch disk. That means not only that it must never be
actively written to disk, but that it *must* live in kernel wired
pages of memory, rather than regular pages of memory.

This is really a discussion for tech-security not tech-kern if what
you're looking for is general advice. If you're doing something this
security sensitive, there are a lot of other precautions you should
be taking.

-- 
gabriel rosenkoetter
gr@eclipsed.net
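The point above about data that must never touch disk has a userland analogue, shown here as an added example that is not part of this thread or of NetBSD: mlock() pins a buffer so the pager will not write it to swap, and an explicit scrub overwrites it before release. The names secret_alloc, secret_wipe, secret_free and the sample key string are the example's own. mlock() does not cover hibernation images, core dumps or copies the kernel makes on its own behalf, and it needs RLIMIT_MEMLOCK headroom, so the code records whether the lock succeeded instead of assuming it.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* A buffer for key material that should never be paged out. */
struct secret_buf {
    unsigned char *data;
    size_t len;     /* allocated length, rounded up to whole pages */
    int locked;     /* 1 if mlock() succeeded, 0 if the pages may still be swapped */
};

/* Allocate a page-aligned, zero-filled buffer and try to pin it in RAM.
 * Returns 0 on success, -1 if the allocation itself failed. */
int secret_alloc(struct secret_buf *s, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        page = 4096;
    size_t rounded = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;
    void *p = NULL;
    if (posix_memalign(&p, (size_t)page, rounded) != 0)
        return -1;
    memset(p, 0, rounded);
    s->data = p;
    s->len = rounded;
    /* mlock() fails with ENOMEM/EPERM when RLIMIT_MEMLOCK is too small. */
    s->locked = (mlock(p, rounded) == 0) ? 1 : 0;
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the
 * store as a dead write before free(). */
void secret_wipe(struct secret_buf *s)
{
    volatile unsigned char *v = s->data;
    size_t n = s->len;
    while (n--)
        *v++ = 0;
}

/* Returns 1 if every byte of the buffer is zero, else 0. */
int secret_is_zero(const struct secret_buf *s)
{
    for (size_t i = 0; i < s->len; i++)
        if (s->data[i] != 0)
            return 0;
    return 1;
}

/* Scrub, unpin and release; the struct is reset so a stale pointer is not reused. */
void secret_free(struct secret_buf *s)
{
    if (s->data == NULL)
        return;
    secret_wipe(s);
    if (s->locked)
        munlock(s->data, s->len);
    free(s->data);
    s->data = NULL;
    s->len = 0;
    s->locked = 0;
}

int main(void)
{
    struct secret_buf s;
    /* Constructed sample key, not a real credential. */
    static const char sample[] = "constructed-sample-key";

    if (secret_alloc(&s, sizeof sample) != 0) {
        perror("secret_alloc");
        return 1;
    }
    printf("buffer pinned in RAM: %s\n", s.locked ? "yes" : "no (check RLIMIT_MEMLOCK)");
    memcpy(s.data, sample, sizeof sample);
    printf("zero after write: %d\n", secret_is_zero(&s));
    secret_wipe(&s);
    printf("zero after wipe: %d\n", secret_is_zero(&s));
    secret_free(&s);
    return 0;
}
```

The wipe is done through a volatile pointer rather than a plain memset() because an optimizer is allowed to remove a memset() whose target is freed immediately afterwards; explicit_bzero() or memset_s() serve the same purpose where they exist.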
