On Tue, Feb 15, 2011 at 21:30, Michael Tewner <[email protected]> wrote:
> 2011/2/9 shimi <[email protected]>
>>
>> On Wed, Feb 9, 2011 at 9:50 PM, Uri Even-Chen <[email protected]> wrote:
>>>
>>> Thank you.
>>>
>>> Wiping files is part of pretty good privacy (PGP) - if you want
>>> privacy you need to wipe your deleted files.
>>>
>>
>> I would trust having them all at encrypted-state at all times (and avoiding
>> using swap) to be a much better approach.
>>
>> I couldn't care less if someone takes my random data which he has no key
>> for, and read it for fun... I suspect this is not too different than reading
>> /dev/random.
>>
>> -- Shimi
>>
>
> That's the concept for ZFS secure deletion. As per
> http://www.c0t0d0s0.org/archives/5793-Secure-Deletion-with-ZFS.html :
> <snip>
> Use encryption and when you want to delete the data throw away the
> matching key.
> <snip>
> And this is exactly the way, secure deletion will be done with ZFS.
> It's done by encryption. You will be able to define an encryption key
> by dataset and when you want to delete a dataset securely just throw
> away the key. Remember that creating a dataset is as easy as creating a
> directory in ZFS. ZFS Crypto will be the solution for the secure
> delete challenge.

Secure deletion is different than encryption! Remember that no encryption is 100% safe. With encryption it's still possible to read your data, if somebody finds your key; it's possible that in the future they will be able to decrypt those encryptions; and you might even give the key. With secure deletion it's not possible. Once you delete files they are gone! If somebody is able to read them then it's not secure deletion. And if you have a file you want to encrypt, you should securely delete the original file after encryption, otherwise you didn't do anything. If you just encrypt the file and delete the original file (not securely), then it's still on your hard disk! Secure deletion is very important.

Uri Even-Chen
Mobile Phone: +972-50-9007559
E-mail: [email protected]
Website: http://www.speedy.net/

_______________________________________________
Linux-il mailing list
[email protected]
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
