tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: summer of code - scrub feature

On Mon, 23 Mar 2009, Christos Zoulas wrote:

In article <>,
Thor Lancelot Simon  <> wrote:
On Mon, Mar 23, 2009 at 02:26:40AM +0000, Alistair Crooks wrote:

If you're going down this route, you should also be encrypting any
swap partitions, of course, using tempested hardware, and wearing tin
foil on your head.  As ever, this is a question of what's possible,
and of securing yourself as much as is economically and comfortably

That's just silly -- and it goes nowhere to address my basic point,
which is that causing extra disk writes -- much less the painstakingly
flushed multiple overwrites that, for example, rm -P does -- today, is
much, much more expensive than just encrypting the entire volume and
being done with it.

I think it's a bad idea to waste effort on zeroizing erased data when
the same effort could be spent making it easier to do the _cheaper_
operation of just encrypting the data in the first place.  Jibes about
tinfoil hats are unhelpful, but make them if you like; I am done wasting
my time being spat on for talking common sense to the sky while it's

I think it is a lot more useful making cgd easy to configure/use during
installation rather than spending a lot of time trying to erase data
and in the end giving the user the false sense of security since we
are not going to be solving the spared sector problem.

        A SoC project to add cgd support to the bootblocks and code to
        pass across to the kernel could be very worthwhile...

                David/absolute       -- No hype required --

Home | Main Index | Thread Index | Old Index