Re: PATCH - ext2fs privacy (i.e. secure deletion) patch

From: Pavel Machek
Date: Sat Feb 07 2004 - 12:24:20 EST


Hi!

> > As I now understand, you are proposing a file system which has per file
> > encryption where the key is stored in the inode. The inode is then the
> > only location with senstive data which needs to be removed.
>
> Yes.
>
> > Also, this proposal seems to me more related to how to implement an
> > encrypted file system, than how to implement secure deletion on existing
> > file systems.
>
> Not really, this is pointing out an alternative means of secure
> deletion _if_ you have encryption. The points I wanted to make were,
> most important first:
>
> - Overwriting data does not always do what you think it does.
> Several block devices _do not_ overwrite the same storage blocks.
> Thus it is dangerous to call something "secure deletion"
> when it might not do anything at all.

But you have same vulnerability, crypto does not help here. If your
i-node happens to be put on other place, attacker still gets the key
intact etc.

There's not much you can do. [It may be even worse with that
crypto... If you kick the table while your top-secret .mpg.tgz collection
is accessed, you are likely to cause bad sector within i-node,
attacker can get the key, and decrypt it all. With on-place
overwriting he only gets one block.]
Pavel
--
When do you have a heart between your knees?
[Johanka's followup: and *two* hearts?]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/