lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061101161700.GA5212@schatzie.adilger.int>
Date:	Thu, 2 Nov 2006 00:17:00 +0800
From:	Andreas Dilger <adilger@...sterfs.com>
To:	Nikolai Joukov <kolya@...sunysb.edu>
Cc:	Erik Mouw <erik@...ddisk-recovery.com>,
	Samuel Tardieu <sam@...1149.net>, linux-ext4@...r.kernel.org
Subject: Re: Shred mount option for ext4?

On Oct 31, 2006  15:14 -0500, Nikolai Joukov wrote:
> 1. One of the patches performs N overwrites with configurable patterns
> (can comply with NIST and NISPOM standards).  Because of the transaction
> compaction we had to separately add overwriting as separate transactions.
> Fortunately, the whole procedure is still atomic due to the orphan list.
> The problem that we have right now is per-file syncing of dirty data
> buffers between overwrites.  We sync the whole device at the moment.

Did anyone discuss doing this with crypto instead of actually overwriting
the whole file?  It would be pretty easy to store a per-file crypto key
in each inode as an EA, then to "delete" the file all that would be
needed would be to erase the key in a secure matter (which is a great
deal easier because inodes don't move around on disk).

The drawback is there is a runtime overhead to encrypt/decrypt the file
data, but honestly, if people care about secure deletion don't they also
care about security of the undeleted data also?  By having an (unknown
to the user) per-file crypto key then if the file is deleted the user
can also plausibly deny the ability to recover the file data even if
they are forced to surrender their key.

Cheers, Andreas
--
Andreas Dilger
Principal Software Engineer
Cluster File Systems, Inc.

-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ