Re: PATCH - ext2fs privacy (i.e. secure deletion) patch

From: the grugq
Date: Sat Feb 07 2004 - 04:59:00 EST


Sure, but to a large extent it depends on your threat model. If you say "an extremely well funded government entity wants to examine your hard drive" then they will have access to insane technologies like electron microscopes. This makes any software solution to secure deletion practically impossible (if we trust the literature).

If, on the other hand, we have a threat model of, say, the police, then things are very different. In the UK, there is a law which requires you to turn over your encryption keys when the court demands them. The police have a tactic for extracting keys which involves physical violence and intimidation. These are very effective against encryption. However, the police do not have access to hardware based analysis technologies, they are just too expensive. So, while they can recover something that has been encrypted, they can't recover something that has been securely deleted. (Not without begging the .gov to perform a hardware analysis, something which would be quite unlikely in the normal course of events).

The majority of forensic analysis is performed with software tools on a bit image of the hard drive. If this bit image doesn't contain the data, the software tools won't see it, and the forensic analysis will fail. I would suggest adding secure deletion, because it does provide a pretty good level of protection. It is not a 100% solution, but neither is encryption. The two in combination are complementary technologies.


peace,

--gq


Hans Reiser wrote:
There is an extensive literature on how you can recover deleted files from media that has been erased a dozen times, but breaking encryption is harder. It is more secure to not put the data on disk unencrypted at all is my point.....

Hans

the grugq wrote:

Well, I think secure deletion should be an option for everyone. Using encryption is a data hiding technique, you prevent people from determining what sort of data is being stored there. Now, admittedly I don't know at what level the reiser4 encryption appears, but I would think it's safer to have complete erasure when a file is deleted regardless of how well protected its contents were.

just a thought.
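
The point made above about software forensics working on a bit image of the drive, illustrated with an added example that is not part of this thread, the ext2fs patch, or any reiser4 code. It models a disk as a flat array of 512-byte blocks with a free list and a directory (the class and function names, the block size, and the "TOP SECRET" payload are all constructed for the illustration): an ordinary unlink only drops the directory entry and returns the blocks to the free list, so a scan of the raw image still finds the contents, while overwriting the blocks before releasing them leaves nothing for the scan to find. The last function does the same thing to a real file from userland (overwrite in place, fsync, unlink); the caveat in its docstring is the practitioner's reason for wanting the overwrite done inside the filesystem, as the patch under discussion proposes.

```python
"""Added example: why overwrite-before-release defeats image-based forensics."""
import os
import secrets
import tempfile

BLOCK = 512  # assumed block size for the toy image


class ToyImage:
    """Minimal raw image: fixed-size blocks, a free list and a flat directory.
    No journal, no inode table: a file is just a list of block numbers."""

    def __init__(self, n_blocks):
        self.data = bytearray(n_blocks * BLOCK)
        self.free = list(range(n_blocks))
        self.entries = {}  # name -> (size, [block numbers])

    def write_file(self, name, payload):
        nblocks = -(-len(payload) // BLOCK)  # ceiling division
        if nblocks > len(self.free):
            raise OSError("no space left on toy image")
        blocks = [self.free.pop(0) for _ in range(nblocks)]
        for i, b in enumerate(blocks):
            chunk = payload[i * BLOCK:(i + 1) * BLOCK]
            self.data[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.entries[name] = (len(payload), blocks)

    def unlink(self, name):
        """Ordinary delete (what ext2 does): drop the directory entry and
        free the blocks. The block contents are left untouched."""
        _, blocks = self.entries.pop(name)
        self.free.extend(blocks)

    def secure_unlink(self, name, passes=1):
        """Privacy delete: overwrite every block with random bytes, then free it."""
        _, blocks = self.entries.pop(name)
        for _ in range(passes):
            for b in blocks:
                self.data[b * BLOCK:(b + 1) * BLOCK] = secrets.token_bytes(BLOCK)
        self.free.extend(blocks)


def forensic_scan(image, needle):
    """What a software forensic tool does: search the raw image, ignoring
    the directory, so deleted-but-unwiped data is found."""
    return image.data.find(needle) != -1


def demo():
    """Returns (recoverable after plain unlink, recoverable after secure unlink)."""
    secret = b"TOP SECRET: meeting at the usual place\n"  # constructed payload
    plain = ToyImage(64)
    plain.write_file("notes.txt", secret * 20)
    plain.unlink("notes.txt")
    wiped = ToyImage(64)
    wiped.write_file("notes.txt", secret * 20)
    wiped.secure_unlink("notes.txt")
    return forensic_scan(plain, secret), forensic_scan(wiped, secret)


def overwrite_in_place(path, passes=1):
    """Userland approximation of secure deletion for a real file: overwrite
    the allocated length with random data and fsync. Caveat: on a journaling
    or copy-on-write filesystem, or on flash with wear levelling, earlier
    copies of the blocks can survive elsewhere on the medium; that is why the
    overwrite belongs in the filesystem itself (as in the patch discussed)."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(remaining, 1 << 16)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())


def overwrite_and_unlink(path, passes=1):
    overwrite_in_place(path, passes)
    os.unlink(path)


def real_file_demo():
    """Returns (payload gone after overwrite, file gone after unlink)."""
    needle = b"constructed secret payload"  # constructed sample content
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notes.txt")
        with open(path, "wb") as f:
            f.write(needle * 3000)  # ~75 KiB, spans more than one write chunk
        overwrite_in_place(path)
        with open(path, "rb") as f:
            payload_gone = f.read().find(needle) == -1
        os.unlink(path)
        return payload_gone, not os.path.exists(path)


if __name__ == "__main__":
    print("toy image (plain, secure):", demo())
    print("real file (wiped, unlinked):", real_file_demo())
```

The toy image is deliberately the simplest case; a real ext2 image also leaves directory entries and inode metadata (size, timestamps, block pointers) behind, which is why a filesystem-level privacy patch wipes more than just the data blocks.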



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/