Re: storage privacy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander W. Janssen wrote: > [EMAIL PROTECTED] wrote: >> I guess you can read one persons attack but are blind to others > > What attack? OK, i swept back through the postings and /dev/ass wasn't nice too. Got that, Eugen? Whatever. Back to business. If you feel inclined to talk out of /dev/ass or you feel like you want to tell someone to fuck him/herself, go off-list. We're publicy offical civilized people after all? And with Sheila Broflovski's words: "Senseless violence is allowed as long as it doesn't contain any naughty words." So go and get a gun. Just kidding. Alex. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iQCVAwUBR1s9kBYlVVSQ3uFxAQIPfQP+Opn+NUBCvi1ELs704L9RbagmHYsU8wcS XCYeHslFAUBNYQi4FCxRuwxFUfH3I3+JpZsJd4eIYDxrdJpUeG8Q8a8wTZTMoo8N JKHnOZ0gl206hnUSFiSL+fGZNDkP4Slw+wtW81AaCYmgAcXN/y4sXfGXkonY8DiF KBuQ0u4LNFA= =6Etk -END PGP SIGNATURE-
Re: storage privacy (was: Nice quiet, private, anonymous life??)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > I guess you can read one persons attack but are blind to others What attack? > And I thought the people on this list were against censorship, unless > they, of course, are doing the censoring. I'm trying to follow the thread (which went quite bizarre), but from my personal judgment Andrew is right to tell you that personal attacks are not acceptable. And this has nothing to do with censorship. This is a public list of people discussing Tor and sometimes even politics. But this ain't no place to insult other people. What you encounter here, are opinions which don't match yours. And certainly no one is censoring here. If we'd censor here, we wouldn't even see your posting. THAT'D BE censorship. If you think you're insulted by something Eugene said, tell us - or even better, discuss your problems off-list. Cheers, Alex. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iQCVAwUBR1s6iRYlVVSQ3uFxAQKq0QP/bKM5vwwZeVG9wtM/41tldL4IjeS4yNCU 4nleLDikGF6Z/WPrpWc458InmYOso5JG1hsbEr16xvutRY1WfuliFUJDSGli6rnv hJa20g4T2qzHnmmRudpxPf5EZNv8WkAMZVZR1kOakbUtpJGpoNrjnKA/6Jn0ansL sKGsy8fIURA= =0QX/ -END PGP SIGNATURE-
Re: storage privacy (was: Nice quiet, private, anonymous life??)
I guess you can read one persons attack but are blind to others (friend of yours maybe?) And I thought the people on this list were against censorship, unless they, of course, are doing the censoring. On Wed, 5 Dec 2007 19:30:04 -0500, [EMAIL PROTECTED] said: > On Wed, Dec 05, 2007 at 05:05:27PM -0700, [EMAIL PROTECTED] wrote > 2.6K bytes in 66 lines about: > : Hey Eugene, go fuck yourself ok? Have you actually tested using a > : magnetic field for this, no. > : Seems to me you're the one talking out of dev/ass, cuz you are one. And > : don't put it past someone to wire a plastique device to the hard drive, > : seems like a perfect solution for some terrorist, maybe a distant > cousin > : of yours? > > mark485anderson, This is unacceptable. Personal attacks on other people > on list are entirely immature and off-topic. This post is worthy of a > yellow card, if not red (in football parlance). > > Google returns many fine links about email etiquette on mailing lists. > One such example is > http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html. In particular, > the question "I've been insulted! How should I respond?" may pertain > here. > > Let's assume this is a rare outburst and won't happen again. Thanks! > > -- > Andrew -- [EMAIL PROTECTED] -- http://www.fastmail.fm - Or how I learned to stop worrying and love email again
Re: storage privacy (was: Nice quiet, private, anonymous life??)
no problem, I accept yours and others assertions that a home made magnetic device won't work. It occurs to me that in any case where even one operator knows or has possession/knowledge of the keys or backups, that that information could still be gained through torture/coercion in rare cases where the information effects "national security" or the guys wanting it are mean SOBs. On Wed, 5 Dec 2007 16:28:18 -0800, "coderman" <[EMAIL PROTECTED]> said: > On Dec 5, 2007 4:05 PM, <[EMAIL PROTECTED]> wrote: > > ... Have you actually tested using a magnetic field for this ... > > despite the rudeness of some of this thread, it really is difficult to > properly clear / purge data from a modern hard disk using a magnetic > field. we do this at work, and the device is a large box with loud > fans. you must wear heat resistant glove(s) to hold the hard drive > over the unit for 60+ seconds. it gets quite hot (see inductive > smelting, etc). > > arranging such a unit inside a case would be difficult, dangerous, and > probably not as effective as you think. > > see http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html > > this is why full disk encryption is preferable. it is much quicker > and safer to securely purge or destroy the disk keys (small) than the > whole disk itself (large, time consuming). > > there are many ways to configure authentication/authorization for > encrypted disk access, including multi-factor passphrase, token, even > biometric. maybe you leave the keys on disk for headless boot and > only want the ability to securely wipe them if needed. > > last note, the loop-aes module support key scrubbing in memory, so > that even ram cannot be inspected for usable disk encryption keys that > could remain after power down. (some other volume encryption methods > may also support this, however, loop-aes is the only one i've used > that does so.) > > best regards, -- [EMAIL PROTECTED] -- http://www.fastmail.fm - mmm... Fastmail...
Re: storage privacy (was: Nice quiet, private, anonymous life??)
On Fri, 07 Dec 2007 22:44:23 +0600 "Vlad \"SATtva\" Miller" <[EMAIL PROTECTED]> wrote: >Scott Bennett wrote on 05.12.2007 04:14: I have not run a tor server, so I do not know the exact requirements.= > Can it be done from a ram drive? >>> It could, but you'd need to make sure it doesn't swap/page down to dis= >k, >>> which would be bad. >>> >> I'm not a LINUX user, but I would be surprised if there were not s= >ome >> similar facility in LINUX, but I haven't the foggiest notion how one wo= >uld get >> Windows XP to encrypt its swapping/paging file or even whether Windows = >XP has >> that capability. > >WinXP does not have such capabilities built in. The only free and open >source solution for swap/tmp space encryption under WinXP I'm aware of >is TrueCrypt + TCTEMP (uses boot-time generated ephemeral keys): >http://www.truecrypt.org/third-party-projects/tctemp/. >Besides that there are a bunch of closed/proprietary software for swap >and/or system partition encryption: BestCrypt and PGP Whole Disk are the >best from my expirience (both are proprietary, BC is partially open for >peer review, PGP WDE is open source, but not Open Source or Free). > Thanks for the information. That's yet another way in which Microslop appears to have failed to keep up with the times. OTOH, it fits their longstanding practice of being weak on security issues to create a bigger niche market for security software vendors. Someday I'd love to see their internal records that would show whether they get kickbacks from those vendors. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: storage privacy (was: Nice quiet, private, anonymous life??)
Scott Bennett wrote on 05.12.2007 04:14: >>> I have not run a tor server, so I do not know the exact requirements. >>> Can it be done from a ram drive? >> It could, but you'd need to make sure it doesn't swap/page down to disk, >> which would be bad. >> > I'm not a LINUX user, but I would be surprised if there were not some > similar facility in LINUX, but I haven't the foggiest notion how one would get > Windows XP to encrypt its swapping/paging file or even whether Windows XP has > that capability. WinXP does not have such capabilities built in. The only free and open source solution for swap/tmp space encryption under WinXP I'm aware of is TrueCrypt + TCTEMP (uses boot-time generated ephemeral keys): http://www.truecrypt.org/third-party-projects/tctemp/. Besides that there are a bunch of closed/proprietary software for swap and/or system partition encryption: BestCrypt and PGP Whole Disk are the best from my expirience (both are proprietary, BC is partially open for peer review, PGP WDE is open source, but not Open Source or Free). -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com signature.asc Description: OpenPGP digital signature
Re: storage privacy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 coderman wrote: > On Dec 5, 2007 4:05 PM, <[EMAIL PROTECTED]> wrote: >> ... Have you actually tested using a magnetic field for this ... > > despite the rudeness of some of this thread, (snip) You sure aren't kidding... sheesh! =:o\ > > see http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html > Ah, there's the paper I mentioned earlier. =:o) > this is why full disk encryption is preferable. (snip) "Mmm, strong crypto." - --a playful, likely apocryphal Bruce Schneier quote. =:oD - -- F. Fox Owner of node "kitsune" CompTIA A+, Net+, Security+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHWJ+pbgkxCAzYBCMRAuKSAKCSaWajd53WzZxlCMLx/JN26YCJ8wCghNSV +si/+HzWm7UZgK7pH6twfPk= =yK6F -END PGP SIGNATURE-
Re: storage privacy (was: Nice quiet, private, anonymous life??)
On Wed, Dec 05, 2007 at 05:05:27PM -0700, [EMAIL PROTECTED] wrote 2.6K bytes in 66 lines about: : Hey Eugene, go fuck yourself ok? Have you actually tested using a : magnetic field for this, no. : Seems to me you're the one talking out of dev/ass, cuz you are one. And : don't put it past someone to wire a plastique device to the hard drive, : seems like a perfect solution for some terrorist, maybe a distant cousin : of yours? mark485anderson, This is unacceptable. Personal attacks on other people on list are entirely immature and off-topic. This post is worthy of a yellow card, if not red (in football parlance). Google returns many fine links about email etiquette on mailing lists. One such example is http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html. In particular, the question "I've been insulted! How should I respond?" may pertain here. Let's assume this is a rare outburst and won't happen again. Thanks! -- Andrew
Re: storage privacy (was: Nice quiet, private, anonymous life??)
On Dec 5, 2007 4:05 PM, <[EMAIL PROTECTED]> wrote: > ... Have you actually tested using a magnetic field for this ... despite the rudeness of some of this thread, it really is difficult to properly clear / purge data from a modern hard disk using a magnetic field. we do this at work, and the device is a large box with loud fans. you must wear heat resistant glove(s) to hold the hard drive over the unit for 60+ seconds. it gets quite hot (see inductive smelting, etc). arranging such a unit inside a case would be difficult, dangerous, and probably not as effective as you think. see http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html this is why full disk encryption is preferable. it is much quicker and safer to securely purge or destroy the disk keys (small) than the whole disk itself (large, time consuming). there are many ways to configure authentication/authorization for encrypted disk access, including multi-factor passphrase, token, even biometric. maybe you leave the keys on disk for headless boot and only want the ability to securely wipe them if needed. last note, the loop-aes module support key scrubbing in memory, so that even ram cannot be inspected for usable disk encryption keys that could remain after power down. (some other volume encryption methods may also support this, however, loop-aes is the only one i've used that does so.) best regards,
Re: storage privacy (was: Nice quiet, private, anonymous life??)
Hey Eugene, go fuck yourself ok? Have you actually tested using a magnetic field for this, no. Seems to me you're the one talking out of dev/ass, cuz you are one. And don't put it past someone to wire a plastique device to the hard drive, seems like a perfect solution for some terrorist, maybe a distant cousin of yours? On Tue, 4 Dec 2007 22:20:24 +0100, "Eugen Leitl" <[EMAIL PROTECTED]> said: > On Tue, Dec 04, 2007 at 01:35:49PM -0700, [EMAIL PROTECTED] wrote: > > > Judge: "Ok you are to be held in contempt and in jail xyz, until such > > time as you give us the pass phrase to your data" > > Plausible deniability. http://en.wikipedia.org/wiki/TrueCrypt > > > Most data overwrite programs take too long-you do not have that time > > when they are knocking down your door. > > You have to power down the servers before confiscating them. > You can use a smartcard along with a PIN for a login, or at > least purge the passphrase after N failed login attempts. > > Don't assume Mallory is omniscient and omnipotent. Knuckledragger > forensics won't even find anything out of ordinary. > > > A strong magnetic field close to the hard drive will completely destroy > > the data making it impossible to recover. I will also probably fuckup > > Have you any idea how strong the field would have to be? Look it up. > > > the drive mechanism, rendering the drive useless. Someone said consumer > > demagnetizers were not sufficently strong? How do you know this? > > How about using Google, Luke. Ya think you can install a >1 Tesla > coil between your hard drive trays? Ya think forensics can't get at > residual bit magnetization with a cleanroom, and a MFM head? You're in > for a big surprise, then. > > > I have not run a tor server, so I do not know the exact requirements. > > Can it be done from a ram drive? > > Let's say you have a hidden service which you don't want to become > public. > > > Explosives and incendiaries are a poor choice for obvious reasons. Want > > to add arson and terrorism to your charges? > > To add insult to the aggravation, thou art a humourless twat to boot. > > > I am not saying magnetism is the only way or even the best way, but a > > way, assuming you have recent backups at an undisclosed, secure > > location. > > I am saying you're talking out of /dev/ass > > -- > Eugen* Leitl http://leitl.org";>leitl http://leitl.org > __ > ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org > 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -- [EMAIL PROTECTED] -- http://www.fastmail.fm - The professional email service
Re: storage privacy (was: Nice quiet, private, anonymous life??)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Scott Bennett wrote:
(snip)
> I'm not a LINUX user, but I would be surprised if there were not some
> similar facility in LINUX, but I haven't the foggiest notion how one would get
> Windows XP to encrypt its swapping/paging file or even whether Windows XP has
> that capability.
(snip)
There are indeed facilities for ephemeral swap encryption in Linux; I've
actually done it by three different methods to date (you'll have to look
up the exact docs used, though):
* Loop-AES module in Fedora Core 4-6 (AES-256, CBC);
* Dm-crypt in Fedora 7 (AES-256, LRW);
* Persistent (passphrase-based) root filesystem encryption from
install-time, via Dm-crypt (AES-256, CBC:ESSIV-SHA256), and ephemeral
("random-key") swap area encryption via the same method (and identical
module, cipher, and mode-of-op), in Debian 4.0.
The first two were before installers included this kind of stuff
(AFAIK), and so I sort of hacked it together using some scripts I wrote;
in the third, the functionality had been integrated into the installer. =:oD
- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHVgWObgkxCAzYBCMRAtD/AJ9k8v9inAREHNkSLzEcf53KzZ3b7gCePOxE
pi54oGaCX5L5sMnoFmAmwlI=
=6LO7
-END PGP SIGNATURE-
Re: storage privacy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eugen Leitl wrote: > On Tue, Dec 04, 2007 at 01:35:49PM -0700, [EMAIL PROTECTED] wrote: (snip) >> Most data overwrite programs take too long-you do not have that time >> when they are knocking down your door. > > You have to power down the servers before confiscating them. > You can use a smartcard along with a PIN for a login, or at > least purge the passphrase after N failed login attempts. > > Don't assume Mallory is omniscient and omnipotent. Knuckledragger > forensics won't even find anything out of ordinary. > IIRC, if you have a TrueCrypt volume and you want to permanently disable access to it (instead of relying on its plausible deniability mechanisms) - in a hurry - there are two possible ways: 1.) Securely overwrite the first 1024KB of the volume; IIRC, this contains the actual, fixed volume keys, encrypted with the credentials you've chosen to use. Without this, even the proper credentials will fail to open the drive. 2.) TrueCrypt offers the use of keyfiles as credentials, in addition to (or even in lieu of) a passphrase; these can be kept exclusively on a removable medium of some kind (e.g., USB drive, CD-R). Destroy the medium with the keyfiles, and decryption becomes (basically) impossible. >> A strong magnetic field close to the hard drive will completely destroy >> the data making it impossible to recover. I will also probably fuckup > > Have you any idea how strong the field would have to be? Look it up. > (snip) He should look it up. IIRC, Gutmann's famous paper, "Secure Deletion of Data From Magnetic and Solid-State Memory," dealt with degaussing/demagnetizing as a possible method of data destruction. In short, the strength of the magnetic field would have to be enormous - far more than even most industrial magnets can provide - to properly destroy data on a modern hard drive. (Now, maybe if you could get access to the experimental U.S. Navy magnet that was mentioned... =xoD ) > > I am saying you're talking out of /dev/ass > LOL! =xoD I'll have to remember that one! =:oD - -- F. Fox Owner of node "kitsune" CompTIA A+, Net+, Security+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHVgOBbgkxCAzYBCMRAqznAJ9g6q6aJXFLFUJikq7rHjuADa76fgCgiqJX yvl/9GIQUkmy4qIi+e6/R/s= =RNcX -END PGP SIGNATURE-
Re: storage privacy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alexander W. Janssen wrote:
> [EMAIL PROTECTED] schrieb:
(snip)
>> I have not run a tor server, so I do not know the exact requirements.
>> Can it be done from a ram drive?
>
> It could, but you'd need to make sure it doesn't swap/page down to disk,
> which would be bad.
(snip)
This is where ephemeral ("random-key") encryption of swap is *so* much
fun. In that case, not even the owner can decrypt the swap, once the
machine has been shut down, rebooted, or lost power. =:oD
- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHVgCUbgkxCAzYBCMRArB/AJ9iObT7LH7JDgEDKYqxAekD5SJvrgCeOv4u
QBV5ruxXMWIEYMevVBcxp40=
=RSmj
-END PGP SIGNATURE-
Re: storage privacy (was: Nice quiet, private, anonymous life??)
On Tue, 04 Dec 2007 22:13:08 +0100 "Alexander W. Janssen" <[EMAIL PROTECTED]> wrote: >[EMAIL PROTECTED] schrieb: >> Judge: "Ok you are to be held in contempt and in jail xyz, until such >> time as you give us the pass phrase to your data" > >Only a matter of the UK at the moment. Bad enough though. > >> Most data overwrite programs take too long-you do not have that time >> when they are knocking down your door. > >That's were strong encryption might work, along with enough entropy to >claim that this is random data, and not just encrypted files. I heard, >but haven't checked myself, that the "truecrypt"-suite offers something >meeting this requirements. > >> A strong magnetic field close to the hard drive will completely destroy >> the data making it impossible to recover. I will also probably fuckup >> the drive mechanism, rendering the drive useless. Someone said consumer >> demagnetizers were not sufficently strong? How do you know this? > >Come on, that's just a idea directly from the game "Uplink". You know >any of those "movie-grade"-demagnetisers? You might want to check >Powerlab's can-crusher[1] though, just for the fun of it ;-) > >> I have not run a tor server, so I do not know the exact requirements. >> Can it be done from a ram drive? > >It could, but you'd need to make sure it doesn't swap/page down to disk, >which would be bad. > On a FreeBSD system, it is trivial to encrypt a swapping/paging area. I simply changed the entry in /etc/fstab from /dev/ad0s2b noneswapsw 0 0 to /dev/ad0s2b.eli noneswapsw 0 0 and rebooted. From that moment forward, my swap partition has been encrypted. I'm not a LINUX user, but I would be surprised if there were not some similar facility in LINUX, but I haven't the foggiest notion how one would get Windows XP to encrypt its swapping/paging file or even whether Windows XP has that capability. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: storage privacy (was: Nice quiet, private, anonymous life??)
On Dec 4, 2007 3:35 PM, <[EMAIL PROTECTED]> wrote: > A strong magnetic field close to the hard drive will completely destroy > the data making it impossible to recover. I will also probably fuckup > the drive mechanism, rendering the drive useless. If by strong you mean a super conducting magnet of the sort find in a labratory NMR machine, then probably true. A degaussing coil that you might find in your home, not a chance. > Someone said consumer > demagnetizers were not sufficently strong? How do you know this? The amazing density of moderns drives means the individual magnetic domains need to be very resistant to change. It's a fairly straightforward math exercise which has been performed by people far smarter than I. > I have not run a tor server, so I do not know the exact requirements. > Can it be done from a ram drive? Sure. > Explosives and incendiaries are a poor choice for obvious reasons. Want > to add arson and terrorism to your charges? > > I am not saying magnetism is the only way or even the best way, but a > way, assuming you have recent backups at an undisclosed, secure > location. Any proactive action to destroy data would look very bad in court. Using a ram drive, or simply not logging, would be wise.
Re: storage privacy (was: Nice quiet, private, anonymous life??)
On Tue, Dec 04, 2007 at 01:35:49PM -0700, [EMAIL PROTECTED] wrote: > Judge: "Ok you are to be held in contempt and in jail xyz, until such > time as you give us the pass phrase to your data" Plausible deniability. http://en.wikipedia.org/wiki/TrueCrypt > Most data overwrite programs take too long-you do not have that time > when they are knocking down your door. You have to power down the servers before confiscating them. You can use a smartcard along with a PIN for a login, or at least purge the passphrase after N failed login attempts. Don't assume Mallory is omniscient and omnipotent. Knuckledragger forensics won't even find anything out of ordinary. > A strong magnetic field close to the hard drive will completely destroy > the data making it impossible to recover. I will also probably fuckup Have you any idea how strong the field would have to be? Look it up. > the drive mechanism, rendering the drive useless. Someone said consumer > demagnetizers were not sufficently strong? How do you know this? How about using Google, Luke. Ya think you can install a >1 Tesla coil between your hard drive trays? Ya think forensics can't get at residual bit magnetization with a cleanroom, and a MFM head? You're in for a big surprise, then. > I have not run a tor server, so I do not know the exact requirements. > Can it be done from a ram drive? Let's say you have a hidden service which you don't want to become public. > Explosives and incendiaries are a poor choice for obvious reasons. Want > to add arson and terrorism to your charges? To add insult to the aggravation, thou art a humourless twat to boot. > I am not saying magnetism is the only way or even the best way, but a > way, assuming you have recent backups at an undisclosed, secure > location. I am saying you're talking out of /dev/ass -- Eugen* Leitl http://leitl.org";>leitl http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: storage privacy (was: Nice quiet, private, anonymous life??)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] schrieb:
> Judge: "Ok you are to be held in contempt and in jail xyz, until such
> time as you give us the pass phrase to your data"
Only a matter of the UK at the moment. Bad enough though.
> Most data overwrite programs take too long-you do not have that time
> when they are knocking down your door.
That's were strong encryption might work, along with enough entropy to
claim that this is random data, and not just encrypted files. I heard,
but haven't checked myself, that the "truecrypt"-suite offers something
meeting this requirements.
> A strong magnetic field close to the hard drive will completely destroy
> the data making it impossible to recover. I will also probably fuckup
> the drive mechanism, rendering the drive useless. Someone said consumer
> demagnetizers were not sufficently strong? How do you know this?
Come on, that's just a idea directly from the game "Uplink". You know
any of those "movie-grade"-demagnetisers? You might want to check
Powerlab's can-crusher[1] though, just for the fun of it ;-)
> I have not run a tor server, so I do not know the exact requirements.
> Can it be done from a ram drive?
It could, but you'd need to make sure it doesn't swap/page down to disk,
which would be bad.
> Explosives and incendiaries are a poor choice for obvious reasons. Want
> to add arson and terrorism to your charges?
I don't think is was meant to be serious...
> I am not saying magnetism is the only way or even the best way, but a
> way, assuming you have recent backups at an undisclosed, secure
> location.
It's the Star Trek way. Go for strong encryption. Everything else is
"The Science of 24". ("As seen on National TV!")
Alex.
[1] http://www.powerlabs.org/pssecc.htm
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
iQCVAwUBR1XC4hYlVVSQ3uFxAQKNUwP6A7kUkr9vtzUVIHDi7xIc/ZxjGLqevdez
mXtB+OeuEU1BUwaq2g6haOiu4BWtbDzGZCZobEzvn1bqFCAyWYx4AGXkzb2XR5eN
FngV5I/IZe2T7X4cEfxoK7zjQZBGYHdv2o+krVBnL2DpWIZItwKKE/FHWnLbyNBH
djWOo3hlxnA=
=QJeH
-END PGP SIGNATURE-
Re: storage privacy (was: Nice quiet, private, anonymous life??)
By "full disk encryption" I guess your talking about access via a pass phrase. Judge: "Ok you are to be held in contempt and in jail xyz, until such time as you give us the pass phrase to your data" Most data overwrite programs take too long-you do not have that time when they are knocking down your door. A strong magnetic field close to the hard drive will completely destroy the data making it impossible to recover. I will also probably fuckup the drive mechanism, rendering the drive useless. Someone said consumer demagnetizers were not sufficently strong? How do you know this? I have not run a tor server, so I do not know the exact requirements. Can it be done from a ram drive? Explosives and incendiaries are a poor choice for obvious reasons. Want to add arson and terrorism to your charges? I am not saying magnetism is the only way or even the best way, but a way, assuming you have recent backups at an undisclosed, secure location. On Sun, 02 Dec 2007 17:54:40 -0800, "F. Fox" <[EMAIL PROTECTED]> said: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > coderman wrote: > > apologies in advance for veering this far off topic... > > > > On Dec 2, 2007 2:25 PM, F. Fox <[EMAIL PROTECTED]> wrote: > >> [ strange, dangerous, and likely to fail methods for destroying drives ] > > > > use full disk encryption, even the latest ubuntu supports this. > > > > destroy the disk keys and you've got platters full of entropy. > > > > anything else is just a bad idea. > > > (snip) > > I don't think much of the aforementioned physical "destruction" methods; > I also agree in that full disk encryption is the best way to go, if at > all possible. > > However, given that a system has already been deployed without such > encryption, wouldn't secure overwriting be a reasonable way of > destroying such data? > > It'd be slow, and maybe not effective against the most determined (and > well-funded) attackers - but at least it wouldn't be dangerous, weird, > and violent... =:oD > > - -- > F. Fox > CompTIA A+, Net+, Security+ > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.7 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iD8DBQFHU2HfbgkxCAzYBCMRAj0dAJ92NHfJqZVVcK/u99gbWTo0jsSnFACeOSJW > EmV8OG+cGBSMlWBGXfqvh1M= > =hc2d > -END PGP SIGNATURE- -- [EMAIL PROTECTED] -- http://www.fastmail.fm - And now for something completely differentÂ…
Re: storage privacy (was: Nice quiet, private, anonymous life??)
privacy back-up storage concept: http://sourceforge.net/tracker/index.php?func=detail&aid=1833093&group_id=178712&atid=886242 http://forums.truecrypt.org/viewtopic.php?t=8000 2007/12/3, F. Fox <[EMAIL PROTECTED]>: > > -BEGIN PGP SIGNED MESSAGE- > >
Re: storage privacy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > I don't think much of the aforementioned physical "destruction" methods; > I also agree in that full disk encryption is the best way to go, if at > all possible. (snip) While I don't think much of physical destruction either, the "encrypted storage" method might be problematic for legal reasons, at least in the UK. If the police were to ask you to provide encryption keys (which they are now allowed to do), and you have "lost" the keys, they can put you away, even if the data on the drive would not have incriminated you. Thoughts? Anyone from the UK? - --- Eugene -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iFcDBQFHU2g4b9W6r3tKSVIRCE5MAQDXT/eaibgtyT1ds8qw8VMCIqE659JMmERA G1uxtlK+TQD/dj51Atik/PxQ+CHwjtYnaWVbLpREx7TTdPc12wNfFFA= =KvAx -END PGP SIGNATURE-
Re: storage privacy (was: Nice quiet, private, anonymous life??)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 coderman wrote: > apologies in advance for veering this far off topic... > > On Dec 2, 2007 2:25 PM, F. Fox <[EMAIL PROTECTED]> wrote: >> [ strange, dangerous, and likely to fail methods for destroying drives ] > > use full disk encryption, even the latest ubuntu supports this. > > destroy the disk keys and you've got platters full of entropy. > > anything else is just a bad idea. > (snip) I don't think much of the aforementioned physical "destruction" methods; I also agree in that full disk encryption is the best way to go, if at all possible. However, given that a system has already been deployed without such encryption, wouldn't secure overwriting be a reasonable way of destroying such data? It'd be slow, and maybe not effective against the most determined (and well-funded) attackers - but at least it wouldn't be dangerous, weird, and violent... =:oD - -- F. Fox CompTIA A+, Net+, Security+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHU2HfbgkxCAzYBCMRAj0dAJ92NHfJqZVVcK/u99gbWTo0jsSnFACeOSJW EmV8OG+cGBSMlWBGXfqvh1M= =hc2d -END PGP SIGNATURE-
Re: storage privacy (was: Nice quiet, private, anonymous life??)
On Dec 2, 2007 2:25 PM, F. Fox <[EMAIL PROTECTED]> wrote: [ strange, dangerous, and likely to fail methods for destroying drives ] use full disk encryption, even the latest ubuntu supports this. Last time I tried this with the Ubuntu 7.10 Alternate CD it didn't work. The installer crashes over and over.. With the latest debian testing netinstall cd no problems..
Re: storage privacy (was: Nice quiet, private, anonymous life??)
apologies in advance for veering this far off topic... On Dec 2, 2007 2:25 PM, F. Fox <[EMAIL PROTECTED]> wrote: > [ strange, dangerous, and likely to fail methods for destroying drives ] use full disk encryption, even the latest ubuntu supports this. destroy the disk keys and you've got platters full of entropy. anything else is just a bad idea. see the Tor Operational Security wiki page for more not bad ideas: http://wiki.noreply.org/noreply/TheOnionRouter/OperationalSecurity best regards,
