zfs discuss - Dec 2006 - [security-discuss] Re: Thoughts on ZFS Secure Delete - without using Crypto

> On Wed, 2006-12-20 at 03:21 -0800, james hughes wrote:
> > This would be mostly a "vanity erase" not really a serious
"security
> > erase" since it will not over write the remnants of remapped
sectors.
> 
> Yup.  As usual, your milage will vary depending on your threat model.  
> 
> My gut feel is that there''s a cost-benefit sweet spot near a
mechanism
> which provides for the prompt overwrite of recently deallocated blocks
> with either zeros or newly allocated data, with more intensive bleaching
> reserved for when disks are taken out of service. 
	When SunFed first implemented format->analyze->purge to the
	Magnetic Remnance specification of, IIRC, 3 overwrites each of
	0000, 5555, AAAA, the instructions to the admins went something
	like:  When you first put the disk in service, record the factory
	flaw map and retain it.  When you later purge the disk, read out
	and record the current flaw map.  Purge the disk.  If the factory
	flaw map and current flaw map differ, remap the difference to
	active and re-purge the disks.
	I''ve been told, but haven''t verified, that the current format
-
	disk driver - disk combinations no longer support both reporting the
	flaw map and remapping flawed sectors back to active.

Gary..