Secure Erasing is actually harder than that...
Ray Dillinger
bear at sonic.net
Tue Feb 20 10:18:40 PST 2001
On Mon, 19 Feb 2001, David Honig wrote:
>At 11:38 AM 2/19/01 -0800, Ray Dillinger wrote:
>>The problem is that data that's been written over once, or even
>>twice or ten times, can often still be read if someone actually
>>takes the platters out and uses electromagnetic microscopy on
>>them.
>
>Really? You think the fed specs on secure wiping are disinfo?
Disinformation is such an ugly word... and the published fed
specs on secure wiping apply to not-very-sensitive data. For
highly sensitive data, most secure wipe specs are classified,
or, as someone else here pointed out, involve physical destruction
of the drive.
I think this is probably one of the biggest gaps remaining in
system security. If you are careful, you can use BSD and GPG
etc to build a quite secure box - but if sensitive plaintexts
are ever stored on the drive, even if they are overwritten,
then when a data thief willing to spend enough bucks gets the
drive, you lose.
At the very least, we need browsers that don't store their caches,
cookies, or history files in cleartext.
We need mail programs that never EVER write the cleartext to the
disk.
We need newsreaders that don't store the articles in cleartext,
or for that matter the list of newsgroups that someone is subscribed
to.
We need editors that don't put cleartext on the disk when you
hit the "save" command.
This is basic stuff, fundamental. Hardware theft is a threat model
that's been far too often ignored in the design of secure systems.
Why bother to build a good cipher if you leave the plaintext lying
around where it can be stolen?
Bear
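The post's remedy for the hardware-theft threat model is an application that never lets cleartext reach the disk, so "save" must encrypt before it writes. The following Go program, added here as an illustration and not code from the original post or any of the programs it mentions, implements such a save/load pair with AES-256-GCM from Go's standard library and then performs the check a reviewer would want: it reads the raw bytes back off disk and confirms the plaintext is not present. The key handling (a random key generated in memory), the file name `draft.msg` and the sample message are constructed for the example; a real mail client or editor would derive the key from a passphrase or hardware token and keep it out of swap and logs, which this snippet does not attempt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// newAEAD builds an AES-256-GCM cipher from a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealedSave is the "save" command that never writes cleartext: the file
// holds a fresh random nonce followed by the GCM ciphertext and tag.
func SealedSave(path string, key, plaintext []byte) error {
	aead, err := newAEAD(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	sealed := aead.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext || tag
	// 0600 keeps other local accounts from reading the ciphertext at all.
	return os.WriteFile(path, sealed, 0o600)
}

// SealedLoad reverses SealedSave; a wrong key or a tampered file fails here.
func SealedLoad(path string, key []byte) ([]byte, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize() {
		return nil, errors.New("sealed file too short to contain a nonce")
	}
	nonce, ct := data[:aead.NonceSize()], data[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// PlaintextOnDisk is the reviewer's check: does the raw file contain needle?
func PlaintextOnDisk(path string, needle []byte) (bool, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return false, err
	}
	return bytes.Contains(data, needle), nil
}

// RoundTrip saves plaintext into a temporary directory, checks the disk
// image for cleartext, and loads it back. It returns (leaked, recovered).
func RoundTrip(plaintext []byte) (bool, bool, error) {
	key := make([]byte, 32) // constructed: in-memory random key for the demo
	if _, err := rand.Read(key); err != nil {
		return false, false, err
	}
	dir, err := os.MkdirTemp("", "sealed-demo")
	if err != nil {
		return false, false, err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "draft.msg") // constructed file name
	if err := SealedSave(path, key, plaintext); err != nil {
		return false, false, err
	}
	leaked, err := PlaintextOnDisk(path, plaintext)
	if err != nil {
		return false, false, err
	}
	got, err := SealedLoad(path, key)
	if err != nil {
		return false, false, err
	}
	return leaked, bytes.Equal(got, plaintext), nil
}

func main() {
	leaked, recovered, err := RoundTrip([]byte("constructed sample: draft mail body"))
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Printf("cleartext on disk: %v, recovered after load: %v\n", leaked, recovered)
}
```

Encrypting before the write addresses only the cleartext-on-disk half of the post's complaint; the ciphertext file still gets overwritten in place on each save, so the earlier sealed versions remain subject to the same remanence problem the post opens with, which is why the key rather than the file is what must be protected and destroyed.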