[Cryptography] Photon beam splitters for "true" random number generation ?

[Theodore Ts'o]

On Tue, Dec 29, 2015 at 10:42:45AM -0500, Jerry Leichter wrote:
> VMS, many many years ago (and still, for the few still using it) had
> a feature that it amazes me no one has copied since: You could mark
> a file "erase on delete".

Actually, ext2 in Linux has erase on delete.  It was disabled in ext3
because it's was more trouble to implement when journalling was
enabled, and no one cared enough to implement it.  Also getting it
right so that blocks get erased when only some of the blocks in the
file are released (e.g., after truncate or punch hole operation) is
non-trivial.

With ext4 recently gaining the optional data block encryption feature,
it would be at lot easier to solve the problem for "erase on delete"
if this feature is enabled, by simply making sure the per-file key is
zapped on delete.  Of couse we still have to worry about a copy of the
per-file key still persisting in the journal and the somewhere in the
SSD's not-yet erased free erase pages.  And the caveats about blocks
still being recoverable after a partial truncate or punch hole
operation would still be available.

On the upside, given that blocks coming from different files are
encrypted with different per-file keys, it makes life harder for
people trawling deleted files and free pages in an SSD.  Also, if all
files belonging to one user (say the enterprise user account) use a
different wrapping key than another user (say, the user's personal
account), it means that if one temporarily loses control of a mobile
device (or one leaves their employer for another job), different
policies can be enforced such that only one of the users is remotely
erased using a remote mobile management tool.

Cheers,

					- Ted