[Cryptography] Write only devices

Doug Humphrey doug at joss.com
Thu Dec 31 22:31:38 EST 2015


In my past, I had occasion to have a mag tape drive (6250 bpi which should nicely date this) modified such that any attempt to rewind or "backspace" or "reverse write" would simply result in the controller logging that command - the hardware of the drive mechanism to move the tape backward was electrically disabled. 

This enabled catching someone in the system who was breaking in and deleting their trail - the system was Guardian (Tandem) based, not Unix, and log activities were infrequent enough to allow a mag tape to be used as the target device. 

A key switch was added next to the equivalent of "load/rewind" to enable the rewinding of the tape and return to mostly normal operations, although the modified PROMs on the controller did change a few things... We really never advised that the drive be used for anything other than logs and a few other audit things.

It can work, but if the reason you are doing it is mistrust of software, then you really have to get under the software to the copper level if you want to have any gain in assurance.

Doug


