Secure Erasing is actually harder than that...

Jim Choate ravage at einstein.ssz.com
Tue Feb 20 14:48:53 PST 2001



What we need is encrypted distributed file systems à la Plan 9.

http://plan9.bell-labs.com

http://www.vitanuova.com

    ____________________________________________________________________

           Before a larger group can see the virtue of an idea, a
           smaller group must first understand it.

                                           "Stranger Suns"
                                           George Zebrowski

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage at ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------

On Tue, 20 Feb 2001, Ray Dillinger wrote:

> 
> 
> On Mon, 19 Feb 2001, David Honig wrote:
> 
> >At 11:38 AM 2/19/01 -0800, Ray Dillinger wrote:
> >>The problem is that data that's been written over once, or even 
> >>twice or ten times, can often still be read if someone actually 
> >>takes the platters out and uses electromagnetic microscopy on 
> >>them. 
> >
> >Really?  You think the fed specs on secure wiping are disinfo?
> 
> Disinformation is such an ugly word...  and the published fed 
> specs on secure wiping apply to not-very-sensitive data.  For 
> highly sensitive data, most secure wipe specs are classified, 
> or, as someone else here pointed out, involve physical destruction 
> of the drive. 
> 
> I think this is probably one of the biggest gaps remaining in 
> system security.  If you are careful, you can use BSD and GPG 
> etc to build a quite secure box - but if sensitive plaintexts 
> are ever stored on the drive, even if they are overwritten, 
> then when a data thief willing to spend enough bucks gets the 
> drive, you lose.
> 
> At the very least, we need browsers that don't store their caches, 
> cookies, or history files in cleartext.
> 
> We need mail programs that never EVER write the cleartext to the 
> disk.
> 
> We need newsreaders that don't store the articles in cleartext, 
> or for that matter the list of newsgroups that someone is subscribed 
> to.
> 
> We need editors that don't put cleartext on the disk when you 
> hit the "save" command.
> 
> This is basic stuff, fundamental.  Hardware theft is a threat model 
> that's been far too often ignored in the design of secure systems. 
> Why bother to build a good cipher if you leave the plaintext lying 
> around where it can be stolen?
> 
> 				Bear
> 
> 




