Re: PATCH - ext2fs privacy (i.e. secure deletion) patch

From: Edward Shishkin
Date: Mon Feb 09 2004 - 07:08:43 EST

Next message: Arjan van de Ven: "Re: New mailing list for 2.6 Medley RAID (Silicon Image 3112 etc.) BIOS RAID development"
Previous message: Thomas Horsten: "Re: New mailing list for 2.6 Medley RAID (Silicon Image 3112 etc.)BIOS RAID development"
Next in thread: Hans Reiser: "Re: PATCH - ext2fs privacy (i.e. secure deletion) patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hans Reiser wrote:
>
> Exactly right.
>
> Hans
>
> Jamie Lokier wrote:
>
> >the grugq wrote:
> >
> >
> >>If, on the other hand, we have a threat model of, say, the police, then
> >>things are very different. In the UK, there is a law which requires you
> >>to turn over your encryption keys when the court demands them. The
> >>police have a tactic for extracting keys which involves physical
> >>violence and intimidation. These are very effective against encryption.
> >>
> >>
> >
> >This is how to implement secure deletion cryptographically:
> >
> > - Each time a file is created, choose a random number.
> >
> > - Encrypt the number with your filesystem key and store the
> > encrypted version in the inode.
> >
> > - The number is used for encrypting that file.
> >
> >Secure deletion is then a matter of securely deleting the inode.
> >The file data does not have to be overwritten.
> >
> >This is secure against many attacks that "secure deletion" by
> >overwriting is weak against. This includes electron microscopes
> >looking at the data, and UK law. (The police can demand your
> >filesystem key, but nobody knows the random number that belonged to a
> >new-deleted inode).

Also they will demand this random number since the court can consider it
as a part of your secret key. So just delete your secret key without creating
meaningless infrastructure ;)
Edward.

> >
> >There is a chance the electron microscope may recover the number from
> >the securely deleted inode. That is the weakness of this system,
> >therefore the inode data should be very thoroughly erased or itself
> >subject to careful cryptographic hding.
> >
> >-- Jamie
> >-
> >To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> >the body of a message to majordomo@xxxxxxxxxxxxxxx
> >More majordomo info at http://vger.kernel.org/majordomo-info.html
> >Please read the FAQ at http://www.tux.org/lkml/
> >
> >
> >
> >
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arjan van de Ven: "Re: New mailing list for 2.6 Medley RAID (Silicon Image 3112 etc.) BIOS RAID development"
Previous message: Thomas Horsten: "Re: New mailing list for 2.6 Medley RAID (Silicon Image 3112 etc.)BIOS RAID development"
Next in thread: Hans Reiser: "Re: PATCH - ext2fs privacy (i.e. secure deletion) patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]