Gary Winiger
2006-Dec-20 23:32 UTC
[security-discuss] Re: [zfs-discuss] Thoughts on ZFS Secure Delete - without using Crypto
> On Wed, 2006-12-20 at 03:21 -0800, james hughes wrote: > > This would be mostly a "vanity erase" not really a serious "security > > erase" since it will not over write the remnants of remapped sectors. > > Yup. As usual, your milage will vary depending on your threat model. > > My gut feel is that there''s a cost-benefit sweet spot near a mechanism > which provides for the prompt overwrite of recently deallocated blocks > with either zeros or newly allocated data, with more intensive bleaching > reserved for when disks are taken out of service.When SunFed first implemented format->analyze->purge to the Magnetic Remnance specification of, IIRC, 3 overwrites each of 0000, 5555, AAAA, the instructions to the admins went something like: When you first put the disk in service, record the factory flaw map and retain it. When you later purge the disk, read out and record the current flaw map. Purge the disk. If the factory flaw map and current flaw map differ, remap the difference to active and re-purge the disks. I''ve been told, but haven''t verified, that the current format - disk driver - disk combinations no longer support both reporting the flaw map and remapping flawed sectors back to active. Gary..