| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Jan 2010 11:10:29 -0500 From: T Biehn <tbiehn@...il.com> To: Christian Sciberras <uuf6429@...il.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Disk wiping -- An alternate approach? Oh yeah, another note: If you use a chaining block cipher than you only need to wipe the first block to make the rest of your data unrecoverable. Most FDE's actually use a pw to decrypt the actual decryption key, that block functions much the same, if you can wipe that then the rest of the data is unusable. Note, anyone who has pulled your key from memory via trojan or other means at an earlier time will be able to recover your data unless the first block of the stream has been wiped. This might be common practice in sneak and peek routines. -Travis On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras <uuf6429@...il.com> wrote: > I was thinking, since all this (reasonable) fuss on wiping a disk over 10 > times to ensure non-readability, how come we're yet very limited on space > usage? > If, for example, I overwrote a bitmap file with a text one, what stops the > computer from recovering/storing both (without using additional space)? > Just a couple curiosities of mine. > > > > > > On Tue, Jan 26, 2010 at 4:08 PM, Michael Holstein > <michael.holstein@...ohio.edu> wrote: >> >> > By the way, does somebody knows about the flash memory? >> > Is zeroing a whole usb key enough to make the data unrecoverable? >> > >> >> No, wear-leveling (done at the memory controller level) will dynamically >> re-map addresses on the actual flash chip to ensure a relatively >> consistent number of write cycles across the entire drive. >> >> The only way to completely "wipe" a flash disk is with a hammer. >> >> Regards, >> >> Michael Holstein >> Cleveland State University >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists