[Cryptography] Photon beam splitters for "true" random number generation ?

Theodore Ts'o tytso at mit.edu
Tue Dec 29 10:01:03 EST 2015

On Mon, Dec 28, 2015 at 11:24:55AM -0500, Kevin W. Wall wrote:
> Jumping in late here b/c of the holidays. Actually, if I'm not mistaken,
> I think the whole concept of "secure delete" at the _file_ level can no
> longer be guaranteed for any file system that is a journaling file system.
> Rather than overriding the data blocks, the writing of random data
> simply writes to the "journal", so unless you can guarantee that you first
> fill up this journal, any secure delete may not have done what you think
> it has. And most of the OSes today typically use some sort of journaling
> file system, which means that any "secure delete" mechanism that
> actually works really must work at the _file system_ level rather than
> the individual _file_ level, and that generally requires some sort of
> privileged access.

This isn't quite right, actually.

Most journalling file systems only journal *metadata*.  Now, we all
know the "it's only metadata" b.s. promulgated by the US National
Intelligence establishment is simply is not true.  For example, if you
have a file named "Death_to_America.txt", it will show up in the
journal since directory entries are metadata.  But journalling file
systems such as ext3, ext4, and xfs normally do not journal data
blocks.  (Ext3 and ext4 have a data journalling mode, but (a) this is
unusual; I'm not aware of any other file systems have this feature,
and (b) it's not normally turned on.)

Now, if you are using a copy-on-write file system, such as btrfs or
ZFS, then most data blocks are not overwritten, but are written to new
locations on disk.  (Both btrfs and ZFS do have a way of disabling
this feature because otherwise it would be a performance nightmare for
things like databases, but it defaults to on, and many people aren't
aware that they should really disable COW for things like mysql or
postgres or Oracle files).

					- Ted

P.S. The i_size and file access times can also leak a fair amount of
information, but realistically, if someone has block access to your
hard drive, and is doing that level of forensics on your file system
blocks, given that most people aren't encrypting data at rest, you
have much bigger problems.  Just doing secure delete on a few files
means that you're leaking all of the data in your _unencrypted_ files,
including your system log files, etc.

More information about the cryptography mailing list