lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 24 Jan 2015 01:27:20 +0000
From:	Pádraig Brady <P@...igBrady.com>
To:	Alexander Holler <holler@...oftware.de>,
	David Howells <dhowells@...hat.com>
CC:	linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org,
	Michal Marek <mmarek@...e.cz>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] modsign: overwrite keys with zero before deleting them

On 24/01/15 00:13, Alexander Holler wrote:
> Am 24.01.2015 um 00:58 schrieb David Howells:
>> Alexander Holler <holler@...oftware.de> wrote:
>>
>>> This is for the more paranoid people, also it's
>>> questionable what paranoid nowadays means.
>>
>> shred?
> 
> Seems to do the same like when using dd, just that it does it moultiple
> times.
> 
> And according to an article I've read some years ago, overwrriting a
> blocks on harddisks multiple times doesn't really make sense because
> doing it just once is enough (the necessity to do it multiple times
> seems to have been one of these unexplainable myths in the IT) .
> 
> So I've no idea if it's worth to use shred and have no idea if it's part
> of any GNU/Linux system (seems likely as it it's part of coreutils), how
> it's maintained and how long it will be available.
> 
> But if requested, I will replace that dd with shred or just feel free to
> do it yourself.

shred is in the same package as dd (coreutils).
It's a bit more paranoid about syncing.
It also tries to write the exact size of the file,
and then rounded up block sizes to decrease the
chance of file system reallocation.
Agreed on the multiple writes being quite futile these days.
Generally overwriting with dd or shred etc. is only useful
at the device level rather than at the file system level.
Anyway to be slightly more paranoid and explicit you could:

  shred -n1 ./signing_key.priv

Pádraig.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ