On Sunday 15 May 2011 at 11:43 +0200, radames42@freenet.de wrote:
> since btrfs uses cow I wonder how I can erase confidential data.
> Replacing the file does not work, since the new content is written to new
> blocks while the old confidential content remains in its old block (which
> may be unused now - depending on snapshots).
Yep. COW filesystems typically do not allow secure deletion, there's no
way to work around this AFAIK.
> Alternatives are:
> - using encfs to save confidential data
> - using luks to encrypt the whole disk/partition
> other suggestions?
I'm currently writing this message from a machine using a BTRFS inside
an LVM built upon LUKS. That works fine.
I also use some ecryptfs on other machines, that comes standard with
Ubuntu and is all right.
It may be worth noting that encryption is not equivalent to secure
deletion: if it's secure-deleted, it's truly gone. If it's "unsecurely"
deleted from an encrypted container, somebody getting the decryption
key, possibly by force, might be able to recover the data.
OTOH, even though COW filesystems don't allow secure deletion, they're
typically known to generally not have any reliable "undelete" tools, and
COW filesystems have a greater chance to overwrite released blocks sooner
than non-COW FSes would do, so the average lifespan of "parts of erased
files data on disk" is probably typically much shorter with a COW FS
than with a non-COW one.
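
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not btrfs code: a toy Python model of a block device showing that overwriting a file clears it on an in-place layout, leaves the old block readable on a COW layout, stays pinned by a snapshot, and disappears only once the allocator reuses the released block. All class and function names, the sample contents and the lowest-free-block allocation policy are assumptions of the model.

```python
# Toy block-device model (constructed for illustration; not btrfs code).
SECRET, ZEROS = b"TOPSECRET", b"\x00" * 9   # constructed sample contents

class Disk:
    def __init__(self, nblocks):
        self.blocks = [b""] * nblocks      # raw contents, as a forensic scan sees them
        self.free = set(range(nblocks))    # blocks not referenced by any file or snapshot

    def scan(self, needle):
        """Return the block numbers whose raw contents still contain needle."""
        return [i for i, b in enumerate(self.blocks) if needle in b]

class InPlaceFS:
    """Non-COW model: rewriting a file reuses the block it already owns."""
    def __init__(self, disk):
        self.disk, self.files = disk, {}

    def write(self, name, data):
        if name not in self.files:
            self.files[name] = min(self.disk.free)
            self.disk.free.discard(self.files[name])
        self.disk.blocks[self.files[name]] = data

class CowFS(InPlaceFS):
    """COW model: every write lands in a fresh block; the old one is only released."""
    def __init__(self, disk):
        super().__init__(disk)
        self.snapshots = []

    def snapshot(self):
        self.snapshots.append(dict(self.files))

    def write(self, name, data):
        old = self.files.get(name)
        new = min(self.disk.free)          # assumption: allocator takes lowest free block
        self.disk.free.discard(new)
        self.disk.blocks[new] = data
        self.files[name] = new
        pinned = {b for s in self.snapshots for b in s.values()}
        if old is not None and old not in pinned:
            self.disk.free.add(old)        # released, but its contents are NOT wiped

def overwrite_then_scan(fs_cls, take_snapshot=False, later_writes=0):
    """Write the secret, try to erase it by overwriting, then scan the raw disk."""
    disk = Disk(8)
    fs = fs_cls(disk)
    fs.write("secret.txt", SECRET)
    if take_snapshot:
        fs.snapshot()
    fs.write("secret.txt", ZEROS)          # the "erase by overwriting" attempt
    for i in range(later_writes):
        fs.write(f"other{i}", b"unrelated")  # later activity that may reuse freed blocks
    return disk.scan(SECRET)
```
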