Why not use something that will write out zeros to all the bits on the given volume? Or use badblocks?

~Ben

On Wed, Apr 16, 2008 at 7:34 PM, Bill Ricker <[hidden email]> wrote:
> > A regulatory question: What if one ran high quality encryption on top of
> > the raided disks or rebalancing LVM devices. It seems that should make the
> > regulations happy. Would that work?
>
> The issue is can someone UNDELETE a file you've shred'ed or whatever
> if they really really want to.
>
> As in have the resources of a hostile government sponsored espionage
> agency or commercial competitor or organized crime syndicate.
>
> SHRED(1G) is enough for use on an easy to trash 1980's filesystem, if
> you have enough flags to make life difficult for your adversary. (you
> need several flags if they have a scanning force microscope of
> appropriate form and several months.).
>
> For a resilient, no-fsck-needed modern filesystem, or a RAID shred(1g)
> and friends don't have deep enough hooks to find and GUARANTEE
> multiply re-write, not just free, all the redundant bits. [It MIGHT
> rewrite all the bits of both copies in a RAID1, but they don't
> guarantee it?]
>
> For merely regulatory compliance, where good faith "best commercial
> practices" may be a defence against liability, it *might* be
> sufficient if you destroy the keys and free the storage.
> If you really want to be sure no one gets the data, you also need to
> REALLY really know you destroyed the keys, all copies of the keys, any
> temp files' free blocks that might bits of key. Same problem though on
> a smaller file.
>
> --
> Bill
> [hidden email] [hidden email]
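Added example, not part of the original thread: a whole-volume zero fill of the kind suggested in the reply, followed by a read-back pass that reports any region still holding non-zero bytes. The function names and the 4 MiB image file are constructed for illustration; the read-back only confirms blocks visible through the path it opens, so on RAID or LVM it would have to be run against each underlying member device to speak to the redundant copies discussed in the quoted message.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read/write size; also the granularity of reported regions


def zero_fill(path, chunk=CHUNK):
    """Overwrite every byte of an existing file or block device with zeros."""
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)  # works for regular files and block devices
        dev.seek(0)
        zeros = bytes(chunk)
        remaining = size
        while remaining:
            n = min(chunk, remaining)
            dev.write(zeros[:n])
            remaining -= n
        dev.flush()
        os.fsync(dev.fileno())  # push the writes out of the page cache
    return size


def nonzero_regions(path, chunk=CHUNK):
    """Return [(offset, length)] for each chunk that still holds non-zero bytes."""
    found = []
    with open(path, "rb") as dev:
        offset = 0
        while True:
            buf = dev.read(chunk)
            if not buf:
                break
            if buf.count(0) != len(buf):
                found.append((offset, len(buf)))
            offset += len(buf)
    return found


def demo():
    """Constructed sample: a 4 MiB image file standing in for a volume."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "volume.img")
        with open(img, "wb") as f:
            f.write(bytes(4 * CHUNK))
            f.seek(3 * CHUNK + 100)
            f.write(b"constructed secret")  # residue the wipe must remove
        before = nonzero_regions(img)
        wiped = zero_fill(img)
        after = nonzero_regions(img)
    return before, wiped, after


if __name__ == "__main__":
    print(demo())
```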