Re: What the NSA is patenting
At 12:18 AM 9/7/96 -0800, Adamsc wrote:
On Fri, 06 Sep 1996 11:59:18 -0500, John Deters wrote:
I hope some hardware hacker who knows their low-level stuff will be able to write a secure disk wiper.
They have: it's called a bulk tape eraser. <g>
I'd just store everything sensitive on a floppy. Those are easy to erase with a heavy duty magnet (not a wimpy refrigerator magnet). I understand slagging one in the microwave is also effective <g>.
Just remember that an AC-driven bulk eraser will be far more effective than a permanent magnet at erasing data securely. An oscillating magnetic field re-magnetizes the floppy 120 times per second, as opposed to the single magnetization done by the permanent magnet. Each pass through the hysteresis curve brings down residual signals somewhat, maybe 10 dB. With the AC field, it's hard NOT to have a good erase.
Jim Bell
jimbell@pacifier.com
Burning the floppy would seem to solve the problem. Lock sensitive data in RAM away from disks except for burnable floppies. I guess Linux can be configured to keep sensitive data in a RAM filesystem, keeping it from being synced or flushed.
Currently, I am hacking up a prototype of an armored keysigning box using an old 386. This box signs/decodes incoming E-mail as long as the key switch is in the correct position. The key remains in /dev/ram0, and is encrypted, as well as stored in a .au file. For one of the keys, I am using a hacked des program that reads a file off a floppy for the TDES key before copying the PGP key into the ramdrive. What I plan to do is write software so that multiple floppies are needed to load the key into the RAM filesystem, and to "lock" the machine. After the key is loaded, all network daemons are killed except smail, and all gettys are killed. This makes it hard for someone locally to get to the RAM drive. If the box is rebooted, or turned off -- bye bye RAM drive.
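The multi-floppy key loading planned in the message above, sketched as an added example (not part of the original post and not the poster's software). It assumes an n-of-n XOR split, which the post does not specify; `split_key`, `combine_shares`, `wipe` and the share layout are hypothetical names and choices made for this illustration.

```python
import hashlib
import secrets

def _xor_into(acc: bytearray, data: bytes) -> None:
    for i, b in enumerate(data):
        acc[i] ^= b

def split_key(key: bytes, n: int) -> list[bytes]:
    """Return n share files (one per floppy); every one is needed to rebuild `key`."""
    if not 2 <= n <= 255:
        raise ValueError("n must be between 2 and 255")
    set_id = secrets.token_bytes(8)            # ties the shares of one split together
    bodies = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytearray(key)
    for body in bodies:
        _xor_into(last, body)                  # last = key XOR all random bodies
    bodies.append(bytes(last))
    shares = []
    for index, body in enumerate(bodies):
        blob = set_id + bytes([index, n]) + body
        # The checksum covers only this share, so it reveals nothing about the key.
        shares.append(blob + hashlib.sha256(blob).digest()[:8])
    return shares

def combine_shares(shares: list[bytes]) -> bytearray:
    """Rebuild the key in memory; ValueError on a missing, mixed or damaged share."""
    seen, key, set_id, total = set(), None, None, None
    for share in shares:
        if len(share) < 18:
            raise ValueError("share too short")
        blob, check = share[:-8], share[-8:]
        if hashlib.sha256(blob).digest()[:8] != check:
            raise ValueError("damaged share")
        sid, index, n, body = blob[:8], blob[8], blob[9], blob[10:]
        if set_id is None:
            set_id, total, key = sid, n, bytearray(len(body))
        if (sid != set_id or n != total or index >= n
                or len(body) != len(key) or index in seen):
            raise ValueError("share does not belong to this set")
        seen.add(index)
        _xor_into(key, body)
    if total is None or len(seen) != total:
        raise ValueError("not all shares present")
    return key

def wipe(buf: bytearray) -> None:
    """Overwrite the in-memory key (best effort; Python may hold other copies)."""
    for i in range(len(buf)):
        buf[i] = 0
```

Any subset smaller than the full set of shares is statistically independent of the key, so a single lost or copied floppy discloses nothing on its own.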
participants (3)
- Douglas R. Floyd
- jim bell
- Troy Varange