Re: Erase Files

["Dom De Vitto" <dom@DeVitto.com>]

1) Theo is sooooo right here, for soo0o many reasons.
I, for instance, know people that have got the data back from
drives erased over 255 times.  If you want erasure, drop it in
a bucket of acid, and use a file strain to be sure it's dissolved.

2) If you want something, you know where cc lives....
3) I would suggest that better security could be provided by something
like:
<http://www.backwatcher.org/writing/howtos/obsd-encrypted-filesystem.htm
l>

(unless encrypted filesystems are directly support by OpenBSD now?)

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of Theo de Raadt
Sent: Saturday, September 06, 2003 11:42 PM
To: Mark
Cc: misc@openbsd.org
Subject: Re: Erase Files 


I am going to reply to this nonsense just once more.

> > This is in the archives. Theo essentially put the hammer down and 
> > said no, so forget it.
> 
> Ok...wait a moment... *reading something from the website* "Our 
> efforts emphasize portability, standardization, correctness, proactive

> security and integrated cryptography." Security -> Goal:
> "..."  "Our aspiration is to be NUMBER ONE in the industry for
security (if
> we are not already there)."

What you are talking about has nothing to do with security.

> I've 2 questions yet:
> 
> 1.
> 
> How could importent data be stored secure if there's no method to 
> delete something "secure"?

This is blabber.  Those methods do NOT deleted data.

> The OS itselfs seams to be secure, ok. But what if the hdd will be 
> robbed? This is VERY importent....
> 
> And there is (in german) a newsline: 
> http://www.heise.de/newsticker/data/uma-06.09.03-002/
> Very short version: 2 persons robbed an hdd from the australian 
> customs department with top secret data.

Was that data deleted using such a command before?

No, it was not.  So what the HELL do you think you are blabbering about?
Are you that dumb?

> So I think it's importent to delete data as secure as we can.

Hogwash.

> Theo if you said NO I will hope that you will change your mind.

No, having drives stolen which noone had erased because THEY WERE BUSY
USING THEM, will NOT change my mind!

> Secure deleting is importent and it's not only a tool for the "bad 
> boys".

That is not secure deleting.  Apparently you don't know how modern
drives work.

> I'm not a coder but I know some coders and so (from my point of view) 
> it's not difficult to implementate such an "option".

WHo cares.

> I know nothing about your standarts and if you told me "rm has to be 
> compatible with..." I told you: then do not include such a function in

> rm. Code a tool called "erase" or so.

No.

> Think about Theo.
> Your personal data could be abused too if an hdd will be stolen from 
> some company or the gov.

ANd it would NOT HAVE BEEN ERASED BECAUSE IT WOULD STILL BE IN USE.

> And if you would read a crazy example:
> The Mafia (e.g. in germany) will pay a lot of money if you give them 
> hdd's from lawyers / police or such persons / organisations. These hdd

> musn't be stolen because every ~4-6 years they will be sale. The 
> persons/organisations have to wipe the hdd before they could sale it 
> but if the mafia buy these hdd's after wiping the method seams not 
> realy secure. And NO: That's not a joke with the mafia...
> 
> So I hope you change your mind Theo..

No.

I erase drives by taking them apart because those magnets work really
well at holding photographs onto my fridge.

A note regarding safety:  Do not bend glass platters.