Re: ext2/ext3, sync/async filesystems, data hygiene

To: debian-user@lists.debian.org
Subject: Re: ext2/ext3, sync/async filesystems, data hygiene
From: Douglas Ward <dwdraw@bellsouth.net>
Date: Sat, 6 Aug 2005 14:58:09 -0400
Message-id: <[🔎] 200508061458.11493.dwdraw@bellsouth.net>
In-reply-to: <a51b8c6f5e53a878dc9dfbbd5ec25eb2@ecn.org>
References: <4uVox-73R-31@gated-at.bofh.it> <a51b8c6f5e53a878dc9dfbbd5ec25eb2@ecn.org>

On Thursday 28 July 2005 07:41, Anonymous wrote:
> Tom Vier <tmv@comcast.net> wrote:
> > I'm the author of wipe, btw (the one at wipe.sf.net). Meta-data
> > journaling alone isn't a problem (except for wiping filenames), but full
> > data journaling is, and some journaled fs (like reiser) don't necessarily
> > place data on the same blocks when you overwrite (log-structured and
> > versioning filesystems, especially). To be sure you overwrite the old
> > blocks, you have to overwrite the whole partition.
>
> But that's not usually practical!
>
> > That's why it's best to encrypt sensitive data in the first place. That
> > way, there's no plain text left around.
>
> True, but if you want to edit a file (with vi, gimp, openoffice or
> anything else) you have to save it then encrypt it then wipe it. A
> file you can't edit is not a useful file!

I think what may have been implied was hard disk encryption in which an entire 
partition is transparently encrypted. (This can be done with dmcrypt or 
loop-AES.) (An easy-to-setup option would be to encrypt /tmp, and send all 
non-encrypted plaintext to there before re-encrypting and saving elsewhere; 
this is easily done with the cryptsetup 
package--read /usr/share/doc/cryptsetup/???. Swap could become dangerous, but 
that, too, is easily fixed with the same package.)

Reply to:

Prev by Date: Re: firefox crash
Next by Date: Re: upgrading to X.org server
Previous by thread: Re: Konqueror Multi-Column view question (KDE 3.3.2)
Next by thread: Direct Rendering with Debian Xorg
Index(es):
- Date
- Thread