| Message ID | 1422050221-28345-1-git-send-email-holler@ahsoftware.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Jan 23, 2015 at 10:57 PM, Alexander Holler <holler@ahsoftware.de> wrote: > This is for the more paranoid people, also it's > questionable what paranoid nowadays means. Isn't this complete useless when modern filesystems like btrfs or storage devices like SSDs are used? > Signed-off-by: Alexander Holler <holler@ahsoftware.de> > --- > Makefile | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/Makefile b/Makefile > index 7ad66de..590ff53 100644 > --- a/Makefile > +++ b/Makefile > @@ -1132,7 +1132,9 @@ ifeq ($(CONFIG_MODULE_SIG_THROW_AWAY), y) > @echo "###" > @echo "### Deleting key used to sign modules." > @echo "###" > + @dd status=none if=/dev/zero of=./signing_key.priv bs=4096 count=1 > @rm ./signing_key.priv > + @dd status=none if=/dev/zero of=./signing_key.x509 bs=4096 count=1 > @rm ./signing_key.x509 > endif > > -- > 2.0.5 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/
Am 23.01.2015 um 23:06 schrieb Richard Weinberger: > On Fri, Jan 23, 2015 at 10:57 PM, Alexander Holler <holler@ahsoftware.de> wrote: >> This is for the more paranoid people, also it's >> questionable what paranoid nowadays means. > > Isn't this complete useless when modern filesystems like btrfs or > storage devices like SSDs are used? On SSDs it's likely useless, unfortunately. In regard to filesystems it depends (how knows what thay all do?). But it doesn't cost anything and might still be worth to use on conventional harddisks with several filesystems. I would like to have a secure-delete for FLASH based drives, but I assume it will need some time until someone established something like secure-trim and a userspace utility will be available. Regards, Alexander Holler -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Alexander Holler <holler@ahsoftware.de> wrote: > This is for the more paranoid people, also it's > questionable what paranoid nowadays means. shred? David -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Am 24.01.2015 um 00:58 schrieb David Howells: > Alexander Holler <holler@ahsoftware.de> wrote: > >> This is for the more paranoid people, also it's >> questionable what paranoid nowadays means. > > shred? Seems to do the same like when using dd, just that it does it moultiple times. And according to an article I've read some years ago, overwrriting a blocks on harddisks multiple times doesn't really make sense because doing it just once is enough (the necessity to do it multiple times seems to have been one of these unexplainable myths in the IT) . So I've no idea if it's worth to use shred and have no idea if it's part of any GNU/Linux system (seems likely as it it's part of coreutils), how it's maintained and how long it will be available. But if requested, I will replace that dd with shred or just feel free to do it yourself. Regards, Alexander Holler -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 24/01/15 00:13, Alexander Holler wrote: > Am 24.01.2015 um 00:58 schrieb David Howells: >> Alexander Holler <holler@ahsoftware.de> wrote: >> >>> This is for the more paranoid people, also it's >>> questionable what paranoid nowadays means. >> >> shred? > > Seems to do the same like when using dd, just that it does it moultiple > times. > > And according to an article I've read some years ago, overwrriting a > blocks on harddisks multiple times doesn't really make sense because > doing it just once is enough (the necessity to do it multiple times > seems to have been one of these unexplainable myths in the IT) . > > So I've no idea if it's worth to use shred and have no idea if it's part > of any GNU/Linux system (seems likely as it it's part of coreutils), how > it's maintained and how long it will be available. > > But if requested, I will replace that dd with shred or just feel free to > do it yourself. shred is in the same package as dd (coreutils). It's a bit more paranoid about syncing. It also tries to write the exact size of the file, and then rounded up block sizes to decrease the chance of file system reallocation. Agreed on the multiple writes being quite futile these days. Generally overwriting with dd or shred etc. is only useful at the device level rather than at the file system level. Anyway to be slightly more paranoid and explicit you could: shred -n1 ./signing_key.priv Pádraig. -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/Makefile b/Makefile index 7ad66de..590ff53 100644 --- a/Makefile +++ b/Makefile @@ -1132,7 +1132,9 @@ ifeq ($(CONFIG_MODULE_SIG_THROW_AWAY), y) @echo "###" @echo "### Deleting key used to sign modules." @echo "###" + @dd status=none if=/dev/zero of=./signing_key.priv bs=4096 count=1 @rm ./signing_key.priv + @dd status=none if=/dev/zero of=./signing_key.x509 bs=4096 count=1 @rm ./signing_key.x509 endif
This is for the more paranoid people, also it's questionable what paranoid nowadays means. Signed-off-by: Alexander Holler <holler@ahsoftware.de> --- Makefile | 2 ++ 1 file changed, 2 insertions(+)