[Cryptography] Rubber-hose resistance?
Patrick Chkoreff
patrick at rayservers.net
Wed Dec 20 18:12:58 EST 2017
Jerry Leichter wrote on 12/20/2017 05:27 PM:
>> Before you leave to return home, you need to delete all the confidential
>> information from the laptop. To ensure no trace of it remains on the
>> disk, the simplest safe way I can imagine is this:
>>
>> $ cat /dev/urandom >tmp1
>> # Now wait until you run out of disk space.
> This of course may not do what you think on an SSD - which it probably is these days.
I was thinking specifically of SSDs, which is why I recommended doing this:
>> $ gpg --print-md sha256 tmp1
And then rebooting the machine and computing the checksum again.
As far as I can tell, SSD or not, I have just written the largest
possible amount of unpredictable and uncompressible data onto my file
system, which should fill up every little corner of unused persistent
storage on the entire device, like water flowing through a maze.
By the way, there might still be some observable record of old directory
entries. So if I do a "rm -rf .ssh", the ".ssh" might still be visible
in the directory table.
>> # Now wait for gpg to hash the many gigabytes of random data....
>>
>> $ rm tmp1
>>
>> # And thus reclaim your disk space.
> What attack will filling the disk with random bits stop that simply zeroing the disk won't stop?
Filling the disk with zeroes might not actually do anything, since a
long stream of zeroes might be compressed to just a length indicator
followed by a single zero byte. It would actually look like I have a
67GB file of zeroes when I do an "ls -l", but the SSD might be doing so
much magic that it's not actually stored that way.
> And using gpg checksumming as a replacement for 'sync' ... doesn't really work: If the data is in memory buffers waiting to be written, gpg will (under the covers, inside the implementation for read()) get it from there.
Well it's a good point: I should do a "sync" as well. However, I still
want to compute the checksum and verify it's the same after restarting
the machine. If it's not, then I've caught the file system in a
violation of its contract.
-- Patrick
More information about the cryptography
mailing list