Secure erasing Info (fwd from richard at SCL.UTAH.EDU)

Tue May 3 10:10:07 PDT 2005

Jason Holt wrote:

>There are lots of pitfalls in secure erasure, even without considering
>physical media attacks.  Your filesystem may not overwrite data on the same
>blocks used to write the data originally, for instance.  Plaintext may be left
>in the journal and elsewhere.  Even filling up the disk may not do it, as some
>filesystems keep blocks in reserve.  I did a demo a few years ago where I
>wrote plaintext, overwrote, then dumped the filesystem blocks out and found
>parts of the plaintext.
>
>For anybody who hasn't read it, the Gutmann paper is "Secure Deletion of Data
>from Magnetic and Solid-State Memory", and is highly recommended.  He shows
>that even RAM isn't safe against physical media attacks.
>  
>

Incase anyone's too lazy to google it, Peter Gutmann's paper can be 
found here: 
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Good point.  So, modify that with - create a block-level encrypted file 
system on the flash drive, so long as you key and passphrase are good, 
you should be safe enough...  I've also seen this little toy:  
http://www.biostik.com/  a bit pricey, but depending on your threat 
model, might add another layer of protection.  Not something I'd 
personally bother with - esp with the recent stuff about how to make 
fake fingerprints, etc (funny thing is that your fingerprints will be on 
the case of this thing, so not much security there), but YMMV based on 
your threat model, right?    But, as always, encrypt early and often.  :-D

Would make an interesting side conversation about how fingerprints are 
passwords, but passwords that can (now?) be easily stolen and replayed.  
IMHO, it casts doubt on a lot of biometric methods.  Wonder if it would 
be possible to create an image of an iris that would pass an iris scan, 
if so, both fingerprints and irises become much like permanent credit 
cards, but worse, which once duplicated, cannot be revoked.  One can 
imagine in the future once ATM's have iris scanners, that some evil 
group will set up a fake ATM with a very good CCD camera setup to 
capture irises as well as ATM cards and pin #'s... and, why not, also 
finger prints if future ATM's use such scanners.