Joanna Rutkowska:
> On Sat, Aug 27, 2016 at 06:54:10PM +0000, segfault wrote:
> The added value would be ensuring the unused portion of the disk blocks
> (occupied by the Tails partition) are not populated with some random garbage,
> which might be e.g. user's previous (unencrypted) content, such as... family
> pictures ;)

Ok, but data leakage and verification are different problems IMO. In the tails-verifier I did not try to prevent data leakage or the other possibility of using unverified parts as a hidden channel (which could be used by malware), but only focus on modifications which could alter the behavior of Tails (i.e. changes in boot code or files). I think preventing data leakage and hidden channels is also desirable, but because of the behavior of flash drives you mentioned, I think it is hard to guarantee this.

> Generally, I think the Tails installer should at least ask the user to wipe
> the disk with 'dd if=/dev/zero'. Admittedly, because of wear leveling mechanisms
> this might not be effective, because AFAIU modern flash memories would include
> (X*size) of the actual physical storage in order to expose (size) bytes of
> storage to the host, where X > 1.

Right, so `dd if=/dev/zero` would not always protect from data leakage. So I tend to disagree that we should do this in Tails Installer, because it would make the installation process slower and might give a wrong feeling of security.

> But perhaps if the wiping were repeated N times, where N = ceiling (X), with
> random content this time (in order to fool any optimizations by the device),
> then it should be fine?

Would this guarantee that every byte was overwritten? Wouldn't it be possible that the same (size) bytes get overwritten multiple times but the (X-1)*size other bytes stay the same?

Cheers
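
The question raised in this reply, whether N = ceiling(X) overwrite passes reach every physical block, can be explored with a toy model. The Python sketch below is an added example, not part of the original message or of Tails; the two block-allocation policies, the block counts and the name `wipe_passes` are assumptions for illustration and do not describe any real flash controller.

```python
from collections import deque

STALE = "old-user-data"  # constructed marker for content present before the wipe


def wipe_passes(logical, physical, passes, policy):
    """Toy flash translation layer (assumed model, not a real controller).

    Returns how many physical blocks still hold STALE data after `passes`
    full overwrites of the logical address space.
    policy "lifo": the most recently retired block is reused first.
    policy "fifo": spare blocks are rotated (idealised wear leveling).
    """
    flash = [STALE] * physical               # every physical block starts dirty
    mapping = list(range(logical))           # logical block -> physical block
    spare = deque(range(logical, physical))  # over-provisioned, invisible to host
    for n in range(passes):
        for lba in range(logical):
            # The controller, not the host, decides where the write lands.
            new = spare.pop() if policy == "lifo" else spare.popleft()
            flash[new] = f"pass{n}"          # host data goes to a spare block
            spare.append(mapping[lba])       # old block retired, contents intact
            mapping[lba] = new
    return sum(1 for block in flash if block == STALE)


if __name__ == "__main__":
    size, x = 8, 1.5                         # X = 1.5, so N = ceiling(X) = 2
    phys = int(size * x)
    for policy in ("fifo", "lifo"):
        for passes in (1, 2, 50):
            left = wipe_passes(size, phys, passes, policy)
            print(f"{policy}: {passes:2d} passes -> {left} stale blocks")
```

In this model the rotating policy is clean after two passes, while the LIFO policy leaves the same three spare blocks untouched however many passes are run, and the host sees identical behaviour in both cases.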