[17205] in bugtraq
Re: File "shredding"
daemon@ATHENA.MIT.EDU (Kurt Seifried)
Fri Oct 13 18:38:00 2000
Message-Id: <00a001c0348b$82b9ff60$6900030a@seifried.org>
Date: Thu, 12 Oct 2000 14:32:15 -0600
Reply-To: Kurt Seifried <listuser@seifried.org>
From: Kurt Seifried <listuser@SEIFRIED.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM

The only way to be somewhat sure (high degree of confidence, oh yeah) is to
keep the file encrypted on the disk at all times and only decrypt it in
memory (which unfortunately also means swap partitions nowadays). OpenBSD
has such a beastie, and it is possible in other OSes. If you want to be
really paranoid you could have a program wipe swap as part of shutdown; one
option is http://wipe.sourceforge.net/. For example, in Linux use swapoff,
then wipe the device(s) that had the swap partition.

From:
http://www.securityportal.com/research/cryptodocs/basic-book/
Chapter 10 - Encrypting files and drives in Linux, BSD, and other Unices
http://www.securityportal.com/research/cryptodocs/basic-book/chapter-10.html
I'd cut and paste it here but it's about 5 printed pages in a small font =).

Kurt Seifried - seifried@securityportal.com
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/
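
The swapoff-then-wipe step described in the message above, as an added example that is not part of the original post. Assumptions: the function names are hypothetical, the /proc/swaps sample is constructed, and dd from /dev/urandom stands in for the wipe tool, whose options the post does not give.

```shell
#!/bin/sh
# Added example: swapoff, overwrite, and re-create each swap partition.
# Dry run by default (prints the commands); APPLY=1 as root executes them.

# Constructed sample in /proc/swaps layout, used for offline testing only.
SAMPLE_SWAPS='Filename      Type       Size     Used  Priority
/dev/sda2     partition  2097148  1024  -2
/swapfile     file       524284   0     -3'

# Read /proc/swaps-format text on stdin; print only block-device swap areas.
# Swap files are skipped: the post only covers wiping devices.
swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }'
}

# Execute the command when APPLY=1, otherwise just print it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

wipe_device() {
    dev=$1
    # Never overwrite a device the kernel is still using as swap.
    run swapoff "$dev" || return 1
    # dd stands in for the wipe tool (assumption); it exits non-zero when
    # it reaches the end of the device, which is expected here.
    run dd if=/dev/urandom of="$dev" bs=1M || true
    # Restore the swap signature so the next boot can swapon the device.
    # If fstab names swap by UUID or label, pass them back with mkswap -U / -L.
    run mkswap "$dev"
}

wipe_swap() {
    swap_partitions < "${1:-/proc/swaps}" | while read -r dev; do
        wipe_device "$dev"
    done
}

# Usage: sh wipe-swap.sh --run   (called from the shutdown scripts)
if [ "${1:-}" = "--run" ]; then wipe_swap; fi
```

Run it without APPLY first to review the command list, since the overwrite destroys whatever is on the listed devices.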