wiping files
Uri Even-Chen
uri at speedy.net
Tue Feb 15 22:00:03 IST 2011
On Tue, Feb 15, 2011 at 21:30, Michael Tewner <tewner at gmail.com> wrote:
> 2011/2/9 shimi <linux-il at shimi.net>
>>
>>
>> On Wed, Feb 9, 2011 at 9:50 PM, Uri Even-Chen <uri at speedy.net> wrote:
>>>
>>> Thank you.
>>>
>>> Wiping files is part of pretty good privacy (PGP) - if you want
>>> privacy you need to wipe your deleted files.
>>>
>>>
>>
>> I would trust having them all at encrypted-state at all times (and avoiding using swap) to be a must better approach.
>>
>> I couldn't care less if someone takes my random data which he has no key for, and read it for fun... I suspect this is not too different than reading /dev/random.
>>
>> -- Shimi
>>
>
> That's the concept for ZFS secure deletion. As per
> http://www.c0t0d0s0.org/archives/5793-Secure-Deletion-with-ZFS.html :
> <snip>
> Use encryption and when you want to delete the data throw away the
> matching key.
> <snip>
> And this is exactly the way, secure deletion will be done with ZFS.
> It´s done by encryption. You will be able to define an encryption key
> by dataset and when you want to delete a dataset securely just throw a
> way the key. Remember that creating a dataset is as easy as creating a
> directory in ZFS. ZFS Crypto will be the solution for the secure
> delete challenge.
Secure deletion is different than encryption! Remember that no
encryption is 100% safe. With encryption it's still possible to read
your data, if somebody finds your key; it's possible that in the
future they will be able to decrypt those encryptions; and you might
even give the key. With secure deletion it's not possible. Once you
delete files they are gone! If somebody is able to read them then it's
not secure deletion. And if you have a file you want to encrypt, you
should securely delete the original file after encryption, otherwise
you didn't do anything. If you just encrypt the file and delete the
original file (not securely), then it's still on your hard disk!
Secure deletion is very important.
Uri Even-Chen
Mobile Phone: +972-50-9007559
E-mail: uri at speedy.net
Website: http://www.speedy.net/
More information about the Linux-il
mailing list