Re: summer of code - scrub feature

To: Thor Lancelot Simon <tls%rek.tjls.com@localhost>
Subject: Re: summer of code - scrub feature
From: David Holland <dholland-security%netbsd.org@localhost>
Date: Tue, 24 Mar 2009 11:21:34 +0000

On Sun, Mar 22, 2009 at 10:33:37PM -0400, Thor Lancelot Simon wrote:
 > [...] and it goes nowhere to address my basic point,
 > which is that causing extra disk writes -- much less the painstakingly
 > flushed multiple overwrites that, for example, rm -P does -- today, is
 > much, much more expensive than just encrypting the entire volume and
 > being done with it.

Sure, except encrypting the volume isn't equivalent. Cryptosystems
have limited lifetimes. The bits on a discarded drive platter are,
potentially, exposed indefinitely. For people who care about this
stuff, making an adversary wait a dozen so years before a brute-force
attack becomes feasible might or might not be an acceptable tradeoff.

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: summer of code - scrub feature
  - From: Thor Lancelot Simon

References:
- summer of code - scrub feature
  - From: Stathis Kamperis
- Re: summer of code - scrub feature
  - From: Thor Lancelot Simon
- Re: summer of code - scrub feature
  - From: Alistair Crooks
- Re: summer of code - scrub feature
  - From: Thor Lancelot Simon
- Re: summer of code - scrub feature
  - From: Alistair Crooks
- Re: summer of code - scrub feature
  - From: Thor Lancelot Simon
- Re: summer of code - scrub feature
  - From: Alistair Crooks
- Re: summer of code - scrub feature
  - From: Thor Lancelot Simon

Prev by Date: Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
Next by Date: Re: summer of code - scrub feature
Previous by Thread: Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
Next by Thread: Re: summer of code - scrub feature
Indexes:

Home | Main Index | Thread Index | Old Index