Jason Holt wrote:
There are lots of pitfalls in secure erasure, even without considering physical media attacks. Your filesystem may not overwrite data on the same blocks used to write the data originally, for instance. Plaintext may be left in the journal and elsewhere. Even filling up the disk may not do it, as some filesystems keep blocks in reserve. I did a demo a few years ago where I wrote plaintext, overwrote, then dumped the filesystem blocks out and found parts of the plaintext.
For anybody who hasn't read it, the Gutmann paper is "Secure Deletion of Data from Magnetic and Solid-State Memory", and is highly recommended. He shows that even RAM isn't safe against physical media attacks.
In case anyone's too lazy to google it, Peter Gutmann's paper can be found here: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Good point. So, modify that with - create a block-level encrypted file system on the flash drive, so long as your key and passphrase are good, you should be safe enough...

I've also seen this little toy: http://www.biostik.com/ a bit pricey, but depending on your threat model, might add another layer of protection. Not something I'd personally bother with - esp. with the recent stuff about how to make fake fingerprints, etc. (funny thing is that your fingerprints will be on the case of this thing, so not much security there), but YMMV based on your threat model, right? But, as always, encrypt early and often. :-D

Would make an interesting side conversation about how fingerprints are passwords, but passwords that can (now?) be easily stolen and replayed. IMHO, it casts doubt on a lot of biometric methods. Wonder if it would be possible to create an image of an iris that would pass an iris scan; if so, both fingerprints and irises become much like permanent credit cards, but worse, which once duplicated, cannot be revoked. One can imagine in the future once ATMs have iris scanners, that some evil group will set up a fake ATM with a very good CCD camera setup to capture irises as well as ATM cards and PIN #s... and, why not, also fingerprints if future ATMs use such scanners.
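The check described in the quoted message (write known plaintext, overwrite it, then look at the raw blocks) can be scripted as follows. This is an added example, not code from the thread; the canary string, the 4096-byte block size and the in-memory image with a stale journal copy are constructed assumptions.

```python
import io

BLOCK = 4096  # assumed filesystem block size


def find_canary(stream, canary, chunk_size=1 << 20):
    """Return byte offsets of every copy of `canary` in a raw image stream.

    Reads in chunks and carries len(canary)-1 bytes between reads, so a copy
    that straddles a chunk boundary is found and none is counted twice.
    """
    if not canary:
        raise ValueError("canary must be non-empty")
    hits, tail, base = [], b"", 0  # base = absolute offset of buf[0]
    keep = len(canary) - 1
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return hits
        buf = tail + chunk
        pos = buf.find(canary)
        while pos != -1:
            hits.append(base + pos)
            pos = buf.find(canary, pos + 1)
        tail = buf[-keep:] if keep else b""
        base += len(buf) - len(tail)


def residual_blocks(hits, block=BLOCK):
    """Map byte offsets to the block numbers where a surviving copy starts."""
    return sorted({h // block for h in hits})


def build_sample_image(canary):
    """Constructed image: the file's data block was overwritten, but a
    journal block elsewhere still holds the original plaintext."""
    blocks = [bytes(BLOCK) for _ in range(8)]
    blocks[2] = b"\xff" * BLOCK  # data block after the overwrite pass
    blocks[5] = b"JRNL" + canary + bytes(BLOCK - 4 - len(canary))  # stale copy
    return b"".join(blocks)


if __name__ == "__main__":
    canary = b"CANARY-7f3a9c"  # constructed marker written before the "erase"
    image = build_sample_image(canary)
    hits = find_canary(io.BytesIO(image), canary, chunk_size=BLOCK)
    print("residual copies at offsets", hits, "blocks", residual_blocks(hits))
```

Against a real device, the same function takes a file object opened read-only in binary mode on the raw device or a dd image of it; any hit after the overwrite means the plaintext survived outside the file's current blocks.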