Re: PATCH - ext2fs privacy (i.e. secure deletion) patch

From: Jamie Lokier
Date: Sat Feb 07 2004 - 07:02:25 EST


the grugq wrote:
> As I now understand, you are proposing a file system which has per file
> encryption where the key is stored in the inode. The inode is then the
> only location with sensitive data which needs to be removed.

Yes.

> Also, this proposal seems to me more related to how to implement an
> encrypted file system, than how to implement secure deletion on existing
> file systems.

Not really, this is pointing out an alternative means of secure
deletion _if_ you have encryption. The points I wanted to make were,
most important first:

- Overwriting data does not always do what you think it does.
  Several block devices _do not_ overwrite the same storage blocks.
  Thus it is dangerous to call something "secure deletion"
  when it might not do anything at all.

- Filesystems on top of encrypted block devices _do_ need
  overwriting-based secure deletion, if they are of the type where
  the block encryption key is derived from the block offset and device
  key only.

- Erasable per-file keys may be a more secure way of destroying
  data than overwriting data on a magnetic medium.

-- Jamie
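
The contrast drawn in the message above, as an added example that is not part of the original post or of any patch discussed in the thread. ToyDisk, xor_stream and the sample data are hypothetical names and constructed values; the SHA-256 keystream is a toy stand-in for a real cipher, and the model assumes that erasing the inode really destroys the key stored in it.

```python
import hashlib
import os

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class ToyDisk:
    """Constructed model: unlink never touches data blocks, only the inode."""
    def __init__(self):
        self.device_key = os.urandom(32)  # long-lived key, present while mounted
        self.blocks = {}                  # offset -> ciphertext left on the medium
        self.inodes = {}                  # name -> per-file key (or None)

    def derived_key(self, offset: int) -> bytes:
        # Scheme A: key depends on device key and block offset only.
        return hashlib.sha256(self.device_key + offset.to_bytes(8, "big")).digest()

    def write_derived(self, name: str, offset: int, plaintext: bytes) -> None:
        self.blocks[offset] = xor_stream(self.derived_key(offset), plaintext)
        self.inodes[name] = None

    def write_per_file(self, name: str, offset: int, plaintext: bytes) -> None:
        # Scheme B: random per-file key kept in the inode.
        key = os.urandom(32)
        self.blocks[offset] = xor_stream(key, plaintext)
        self.inodes[name] = key

    def unlink(self, name: str) -> None:
        # Assumption: erasing the inode really destroys the key stored in it.
        del self.inodes[name]

    def recoverable(self, offset: int, plaintext: bytes) -> bool:
        """Try every key still available against the leftover ciphertext."""
        keys = [self.derived_key(offset)] + [k for k in self.inodes.values() if k]
        return any(xor_stream(k, self.blocks[offset]) == plaintext for k in keys)

def demo() -> tuple:
    disk, secret = ToyDisk(), b"constructed sample file contents, 48 bytes long."
    disk.write_derived("a.txt", 0, secret)
    disk.write_per_file("b.txt", 1, secret)
    disk.unlink("a.txt")
    disk.unlink("b.txt")
    # (scheme A block still readable, scheme B block still readable)
    return disk.recoverable(0, secret), disk.recoverable(1, secret)
```

demo() returns (True, False): with offset-derived keys the leftover block stays readable to anyone holding the device key, so it still needs overwriting, while the per-file-key block is unreadable once the inode is gone.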