Re: [PATCH] modsign: overwrite keys with zero before deleting them

From: Pádraig Brady
Date: Fri Jan 23 2015 - 20:27:29 EST


On 24/01/15 00:13, Alexander Holler wrote:
> Am 24.01.2015 um 00:58 schrieb David Howells:
>> Alexander Holler <holler@xxxxxxxxxxxxx> wrote:
>>
>>> This is for the more paranoid people, also it's
>>> questionable what paranoid nowadays means.
>>
>> shred?
>
> Seems to do the same like when using dd, just that it does it moultiple
> times.
>
> And according to an article I've read some years ago, overwrriting a
> blocks on harddisks multiple times doesn't really make sense because
> doing it just once is enough (the necessity to do it multiple times
> seems to have been one of these unexplainable myths in the IT) .
>
> So I've no idea if it's worth to use shred and have no idea if it's part
> of any GNU/Linux system (seems likely as it it's part of coreutils), how
> it's maintained and how long it will be available.
>
> But if requested, I will replace that dd with shred or just feel free to
> do it yourself.

shred is in the same package as dd (coreutils).
It's a bit more paranoid about syncing.
It also tries to write the exact size of the file,
and then rounded up block sizes to decrease the
chance of file system reallocation.
Agreed on the multiple writes being quite futile these days.
Generally overwriting with dd or shred etc. is only useful
at the device level rather than at the file system level.
Anyway to be slightly more paranoid and explicit you could:

shred -n1 ./signing_key.priv

Pádraig.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/