Re: Can someone please poke some holes in this idea?

David R. Conrad (drc@adni.net)
Thu, 8 Oct 1998 11:24:08 -0400 (EDT)

• Next message: David Honig: "Re: Ueli tests on variations of ECSecureRandom"
• Previous message: James A. Donald: "Re: A simple question since you guys really seem to be knowledgeable"
• In reply to: Skylar Highe: "A simple question since you guys really seem to be knowledgeable"
• Next in thread: Giff: "Re: Can someone please poke some holes in this idea?"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 7 Oct 1998, Werner Koch wrote:

> "David R. Conrad" <drc@adni.net> writes:
>
> > Your OS may also offer to do it for you. man 1 chattr if you're using
> > Linux and ext2fs.
>
> Are you [sure] it is implemented?
>
> I only found the EXT2_SECRM_FL in a header but it is not used
> under linux/fs (2.1.113)

Although I believed it to work under earlier versions, much to my
chagrin I discovered that it is commented out in both the latest stable
kernel (2.0.35) and the latest development kernel (2.1.124).

That's the short answer. Here are a few more details for the interested:

Excerpts from linux-2.1.124/fs/ext2/CHANGES:
[version 0.5b of the ext2 filesystem has been the latest for a long time]

- -=-=-
Changes from version 0.4 to version 0.4a
   - deleting a file with the `s' attribute (secure deletion) causes its
     blocks to be overwritten with random values not with zeros (thanks to
     Michael A. Griffith <grif@cs.ucr.edu> for suggesting it).

Changes from version 0.4b to version 0.5
   - Real random numbers for secure rm added by Pierre del Perugia
     <delperug@gla.ecoledoc.ibp.fr>
- -=-=-

So, at this point as I'm reading this, I'm quite hopeful of being able to
tell Werner that it does in fact work as advertised.

And then I discovered the following bombshell at the top of truncate.c:

- -=-=-
#if 0

/*
 * Secure deletion currently doesn't work. It interacts very badly
 * with buffers shared with memory mappings, and for that reason
 * can't be done in the truncate() routines. It should instead be
 * done separately in "release()" before calling the truncate routines
 * that will release the actual file blocks.
 *
 * Linus
 */
static int ext2_secrm_seed = 152; /* Random generator base */

#define RANDOM_INT (ext2_secrm_seed = ext2_secrm_seed * 69069l +1)
#endif
- -=-=-

Despite my disappointment at this discovery I'm glad it occurred, since I
had actually been trying to use this feature. Caveat deletor.

David R. Conrad <drc@adni.net>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBNhzZM4POYu8Zk+GuEQJo/gCeL2TvpDVQHk8E0GDAkdGgTiYoZAEAoOd3
bxZmGhlR+qewnr8MhS/VWYDv
=8XjH
-----END PGP SIGNATURE-----

• Next message: David Honig: "Re: Ueli tests on variations of ECSecureRandom"
• Previous message: James A. Donald: "Re: A simple question since you guys really seem to be knowledgeable"
• In reply to: Skylar Highe: "A simple question since you guys really seem to be knowledgeable"
• Next in thread: Giff: "Re: Can someone please poke some holes in this idea?"