
BLU Discuss list archive



Re: file shredding tools



Why not use something that will write out zeros to all the bits on the
given volume? Or use badblocks? ~Ben

On Wed, Apr 16, 2008 at 7:34 PM, Bill Ricker <[hidden email]> wrote: 

> > A regulatory question: What if one ran high quality encryption on top
> > of the RAIDed disks or rebalancing LVM devices?  It seems that should
> > make the regulations happy.  Would that work?
> 
> The issue is can someone UNDELETE a file you've shred'ed or whatever 
> if they really really want to. 
> 
> As in have the resources of a hostile government sponsored espionage 
> agency or commercial competitor or organized crime syndicate. 
> 
> SHRED(1G) is enough for use on an easy-to-trash 1980s filesystem, if
> you have enough flags to make life difficult for your adversary. (You
> need several flags if they have a scanning force microscope of
> appropriate form and several months.)
>
> For a resilient, no-fsck-needed modern filesystem, or a RAID, shred(1g)
> and friends don't have deep enough hooks to find and GUARANTEE
> multiply re-write, not just free, all the redundant bits.  (It MIGHT
> rewrite all the bits of both copies in a RAID1, but they don't
> guarantee it?)
> 
> For merely regulatory compliance, where good faith "best commercial 
> practices" may be a defence against liability,  it *might* be 
> sufficient if you destroy the keys and free the storage. 
> If you really want to be sure no one gets the data, you also need to
> REALLY really know you destroyed the keys, all copies of the keys, any
> temp files' free blocks that might hold bits of key. Same problem though
> on a smaller file.
> 
> In JABR's case, he's not protecting HIS regulatory compliance, he's 
> protecting his CUSTOMER's compliance, so needs to match THEIR paranoia 
> and risk level. 
> 
> -- 
> Bill 
> [hidden email] [hidden email] 

