Re: Zeroing sensitive memory chunks [Was: Security Flaw in Popular Disk Encryption Technologies]
- From: RW <fbsd06@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 27 Feb 2008 00:12:23 +0000
On Tue, 26 Feb 2008 22:49:37 +0300
Eygene Ryabinkin <rea-fbsd@xxxxxxxxxxx> wrote:
> Yes, Geoff just responded to my private question: it was Peter
> Gutmann, who pointed him to the thing you're talking about. There
> is a paper by Peter,
> http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/

There's an updated copy of this paper on Gutmann's site that points out
that he was writing about devices that were being decommissioned in
the early nineties, and that he's sceptical about anything being
recovered from modern drives once they have been overwritten - even
once. The idea that forensic scientists use this kind of technique
to recover deleted files is a myth.

> I still don't understand how cleaning of a memory area will help
> to clean the swapped page, but maybe there are some systems which
> will update the swapped page on the memory access.

That shouldn't be an issue since it's easy to encrypt swap with a
one-time key. In FreeBSD you simply append .eli to the swap
device name in fstab.
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
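
A check for the fstab convention described in the message above, added here as an example and not part of the original post: the function reads an fstab on stdin and lists swap entries whose device name lacks the .eli suffix. The device names in the sample are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit an fstab for swap devices that are not
# configured with the .eli suffix mentioned in the message.

# unencrypted_swap: reads fstab text on stdin.
# Prints the device field of each swap entry not ending in ".eli".
# Exit status 0 if every swap entry has the suffix, 1 otherwise.
unencrypted_swap() {
    awk '
        $1 ~ /^#/ { next }   # comment line
        NF < 3    { next }   # blank or malformed line
        $3 == "swap" && $1 !~ /\.eli$/ { print $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample fstab (device names are illustrative only).
sample_fstab() {
    cat <<'EOF'
# Device         Mountpoint  FStype  Options  Dump  Pass#
/dev/ada0p2      /           ufs     rw       1     1
/dev/ada0p3      none        swap    sw       0     0
/dev/ada1p1.eli  none        swap    sw       0     0
EOF
}

# Demo on the sample; on a real system use: unencrypted_swap < /etc/fstab
if ! sample_fstab | unencrypted_swap; then
    echo "the swap entries listed above are not encrypted" >&2
fi
```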