Date: Wed Jan 18 20:09:55 2006
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Secure Delete for Windows

J.A. Terranson wrote:

>(1) I do have something "useful to say".  The exact same thing every other
>security conscious person is saying:
>
>No source?  An exe?  Baaaaaddddd newwwwwssssss....
>
>Publicly released "tools" are only safely released through open source
>(or, "full disclosure" if you prefer).  Without source, it's you who
>should be taking a turn at stfu.
>
I'm going to back up the general point of J.A.'s statement.

People who don't care about security and could care less about 
transparency don't, by and large, use "file shredders".  A handful of 
paranoid users might, but I think that these people are few and far 
between.  Ensuring that files are deleted represents a willfulness 
amongst the user to be detailed (or paranoid, perhaps, depending on 
their motives and intentions). 

As such, I think that the same kinds of people who might be interested 
in a tool like this would be interested in reviewing the source code, 
for two reasons:

  - Verification that the code is not a trojan.
  - Ensuring that the methods used in the secure deletion utility are
    sound.  (Which is perhaps more important for the detail-oriented.)

In the end, it's easy to see the value of transparency, particularly in 
a product like this.  There really is no sound argument for 
proprietization anymore.  Code is so heavily commoditized that most 
programs are reinventions of older concepts.  That isn't to say that 
there isn't some innovation going on, but the reality is that the only 
argument that can be used for proprietization is profit, and that's an 
argument that has been getting progressively less enticing as more 
commoditization occurs and as more code projects are shipped off to 
offshore workshops, the draw of proprietization is decreased - I would 
even say antiquated.   Interestingly, people continue to proprietize 
code even in the face of that.  I guess that that green aura is somewhat 
blinding. :)

(Not flaming anyone, just making some observations.)

                -bkfsec

