Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: file shredding tools



 >  A regulatory question: What if one ran high quality encryption on top of 
> the raided disks or rebalancing LVM devices.  It seems that should make the 
> regulations happy.  Would that work? 

The issue is can someone UNDELETE a file you've shred'ed or whatever 
if they really really want to. 

As in have the resources of a hostile government sponsored espionage 
agency or commercial competitor or organized crime syndicate. 

SHRED(1G) is enough for use on a easy to trash 1980's filesystem, if 
you have enough flags to make life difficult for your adversary. (you 
need several flags if they have a  scanning force microscope of 
appropriate form and several months.). 

For a resilent, no-fsck-needed modern filesystem, or a RAID shred(1g) 
and friends don't have deep enough hooks to find and GUARANTEE 
multiply re-write, not just free, all the redundant bits.  [It MIGHT 
rewrite all the bits of  both copies in a RAID1, but they don't 
guarantee it?) 

For merely regulatory compliance, where good faith "best commercial 
practices" may be a defence against liability,  it *might* be 
sufficient if you destroy the keys and free the storage. 
  If you really want to be sure no one gets the data, you also need to 
REALLY really know you destroyed the keys, all copies of the keys, any 
temp files' free blocks that might bits of key. Same problem though on 
a smaller file. 

In JABR's case, he's not protecting HIS regulatory compliance, he's 
protecting his CUSTOMER's compliance, so needs to match THEIR paranoia 
and risk level. 

-- 
Bill 
[hidden email] [hidden email] 

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss
 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org