> > Data recovery services would be laughing at you right now.
> In a nutshell, you can overwrite the data one time, or a hundred
> and it does no good. The DoD already discovered this, much to
> their dismay, when drives started moving to RLE encoding.
> Drives these days which need to be decommissioned from
> classified use are simply destroyed. It's rather interesting
> how they do it, but that's another story. :)

Yeah, but most even so, this *does* reliably destroy information with some reasonable certainty, assuming you are wise and disable all buffers (OS and drive).

> Anyway, the best way to keep that data from being recovered is
> not to store it plaintext in the first place. An easy solution
> for most people is to grab the encrypted kernel patch from
> www.kerneli.org and compile it, and the associated losetup and
> mount utilities. I think I posted about this previously. Also,
> you want to harden your kernel and disable swap-to-disk on
> your server - you need to ensure that data in memory is never
> written to disk, and that kernel memory is inaccessible while
> the system is up. ie, /dev/kmem is read-protected. Yes, this
> does break a few utilities..

Or use a one-time-key encrypted swap partition à la OpenBSD.

Anyway, this is neither here nor there. Securing your system isn't Freenet's job.
