Re: PATCH - ext2fs privacy (i.e. secure deletion) patch

From: Jamie Lokier
Date: Fri Feb 06 2004 - 21:21:14 EST


Hans Reiser wrote:
> reiser4 probably does not need secure deletion as much as others,
> because once the encryption plugins are debugged we will most likely
> encourage users to use encryption by default. Perhaps someone will show
> the error in my thinking though, I am not trying to be rigid here....

With encrypted block devices, there is the possibility that someone
may discover your key, or gain access to your computer (e.g. steal
your laptop while it's switched on, or someone puts a gun to your head
and makes you enter the key).

If someone gets access you might be glad you securely deleted some
files by overwriting the blocks.

When encryption is implemented in the filesystem itself, this is
preventable.

There is a cryptographic way to ensure deleted files cannot be
recovered even when someone knows the filesystem key, without needing
to overwrite the files. This is even better than overwriting, because
it resists signal processing methods on the hard disk platter, and is
effective with virtual devices where overwriting does not actually
erase the original data (e.g. VMware or Bochs copy-on-write disk
image; LVM snapshots; some SAN devices).

Thanks in advance for the implementation :)

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
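
One way the cryptographic deletion described in the message can work, as an added example that is not from the original post or from any filesystem: each file gets its own random key wrapped under the filesystem key, and deleting a file destroys only that small wrapped key. The names here are hypothetical, the SHA-256 keystream is a toy stand-in for a real cipher, and the key table is assumed to live on storage that can truly be erased.

```python
import hashlib, hmac, secrets

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (stand-in for a real cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CryptoEraseStore:
    def __init__(self, fs_key: bytes):
        self.fs_key = fs_key
        self.blocks = {}  # models a copy-on-write disk: data here is never erased
        self.keys = {}    # wrapped per-file keys; assumed to be truly erasable

    def write(self, name: str, data: bytes) -> None:
        file_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        ct = xor(data, keystream(file_key, nonce, len(data)))
        tag = hmac.new(file_key, nonce + ct, hashlib.sha256).digest()
        self.blocks[name] = (nonce, ct, tag)
        wnonce = secrets.token_bytes(16)
        self.keys[name] = (wnonce, xor(file_key, keystream(self.fs_key, wnonce, 32)))

    def read(self, name: str, fs_key: bytes) -> bytes:
        if name not in self.keys:
            raise KeyError("per-file key destroyed")
        wnonce, wrapped = self.keys[name]
        file_key = xor(wrapped, keystream(fs_key, wnonce, 32))
        nonce, ct, tag = self.blocks[name]
        expect = hmac.new(file_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("wrong filesystem key")
        return xor(ct, keystream(file_key, nonce, len(ct)))

    def secure_delete(self, name: str) -> None:
        del self.keys[name]  # ciphertext blocks are deliberately left in place

def demo():
    fs_key = secrets.token_bytes(32)
    store = CryptoEraseStore(fs_key)
    store.write("a.txt", b"constructed sample: secret notes")
    store.write("b.txt", b"constructed sample: keep me")
    before = store.read("a.txt", fs_key)
    store.secure_delete("a.txt")
    try:
        store.read("a.txt", fs_key)  # attacker holds fs_key and all blocks
        recovered = True
    except KeyError:
        recovered = False
    return before, "a.txt" in store.blocks, recovered, store.read("b.txt", fs_key)
```

After `secure_delete`, the ciphertext is still present and the filesystem key is still valid for other files, but nothing that remains can reproduce the deleted file's key.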