[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re[10]: Torpark 1.5.0.6 Pre-release



Anothony,


> Wear-levelling (TrueFFS) is another security issue to
> concider as USB are not magnetic you can't be postive
> all data has been over-written properly (if they'r
> using wear-levelling that is).  As a fix for this an
> end-user can format there USB with a file-system (eg.
> Fat, NTFS, UFS, etc) which _should_ fix the security
> issue.

> Please see this 01' paper by Perter Guttmann "Data
> Remanence in Semiconductor Devices" (see section 6.4):
> <http://www.usenix.org/events/sec01/full_papers/gutmann/gutmann_html/>

> Here is a great and relevent thread from TC forums:
> <http://forums.truecrypt.org/viewtopic.php?t=1702&postdays=0&postorder=asc>


I'm familiar with truecrypt, i'll check this forum and the other link.


> Quote: 
> (again formatting the USB with file system should fix
> this issue)
> -----
> USB drives use wear-levelling algorithms - sort of a
> low level file format that resides in the key and is
> lower level than the operating system's file system.
> Whenever a file is written to the USB key, it
> distrubtes the file in a psuedo-random fashion across
> the key's memory cells so that no one cell gets
> written too many times. This extends the operative
> life of the key because any one memory cell has a
> limited number of writes before it dies. Therefore,
> since most shredding alog's essentially write files
> full of random data a certain number of times, there
> is no way of knowing if the particular data you wanted
> "erased" has in fact been overwritten even once.
> ----

I  will see if there is any great demand for it. Perhaps it could have
two  wiping methods, one for electronic storage devices, and other for
magnetic,  using  low  level formats on the former, and guttman on the
latter.


> P.S. Maybe TorPark should have it's own mailing list
> to keep this one clean?

Eh,  I  have  a forum. Lots of users, but not many participants. Sorry
for junking up your listserv Roger.

Arrakis