[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Re[8]: Torpark 1.5.0.6 Pre-release



Hi Arrakistor,

Wear-levelling (TrueFFS) is another security issue to
concider as USB are not magnetic you can't be postive
all data has been over-written properly (if they'r
using wear-levelling that is).  As a fix for this an
end-user can format there USB with a file-system (eg.
Fat, NTFS, UFS, etc) which _should_ fix the security
issue.

Please see this 01' paper by Perter Guttmann "Data
Remanence in Semiconductor Devices" (see section 6.4):
<http://www.usenix.org/events/sec01/full_papers/gutmann/gutmann_html/>

Here is a great and relevent thread from TC forums:
<http://forums.truecrypt.org/viewtopic.php?t=1702&postdays=0&postorder=asc>


Quote: 
(again formatting the USB with file system should fix
this issue)
-----
USB drives use wear-levelling algorithms - sort of a
low level file format that resides in the key and is
lower level than the operating system's file system.
Whenever a file is written to the USB key, it
distrubtes the file in a psuedo-random fashion across
the key's memory cells so that no one cell gets
written too many times. This extends the operative
life of the key because any one memory cell has a
limited number of writes before it dies. Therefore,
since most shredding alog's essentially write files
full of random data a certain number of times, there
is no way of knowing if the particular data you wanted
"erased" has in fact been overwritten even once.
----

P.S. Maybe TorPark should have it's own mailing list
to keep this one clean?

Anogeorgeo,


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com