Secure Erasing is actually harder than that...
Jim Choate
ravage at einstein.ssz.com
Tue Feb 20 14:48:53 PST 2001
What we need is encrypted distributed file systems à la Plan 9.
http://plan9.bell-labs.com
http://www.vitanuova.com
____________________________________________________________________
Before a larger group can see the virtue of an idea, a
smaller group must first understand it.
"Stranger Suns"
George Zebrowski
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ ravage at ssz.com
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
On Tue, 20 Feb 2001, Ray Dillinger wrote:
>
>
> On Mon, 19 Feb 2001, David Honig wrote:
>
> >At 11:38 AM 2/19/01 -0800, Ray Dillinger wrote:
> >>The problem is that data that's been written over once, or even
> >>twice or ten times, can often still be read if someone actually
> >>takes the platters out and uses electromagnetic microscopy on
> >>them.
> >
> >Really? You think the fed specs on secure wiping are disinfo?
>
> Disinformation is such an ugly word... and the published fed
> specs on secure wiping apply to not-very-sensitive data. For
> highly sensitive data, most secure wipe specs are classified,
> or, as someone else here pointed out, involve physical destruction
> of the drive.
>
> I think this is probably one of the biggest gaps remaining in
> system security. If you are careful, you can use BSD and GPG
> etc to build a quite secure box - but if sensitive plaintexts
> are ever stored on the drive, even if they are overwritten,
> then when a data thief willing to spend enough bucks gets the
> drive, you lose.
>
> At the very least, we need browsers that don't store their caches,
> cookies, or history files in cleartext.
>
> We need mail programs that never EVER write the cleartext to the
> disk.
>
> We need newsreaders that don't store the articles in cleartext,
> or for that matter the list of newsgroups that someone is subscribed
> to.
>
> We need editors that don't put cleartext on the disk when you
> hit the "save" command.
>
> This is basic stuff, fundamental. Hardware theft is a threat model
> that's been far too often ignored in the design of secure systems.
> Why bother to build a good cipher if you leave the plaintext lying
> around where it can be stolen?
>
> Bear
>
>