On Sat, Sep 22, 2012 at 01:31:38AM +0200, Claudio Moretti wrote: > On Sat, Sep 22, 2012 at 12:29 AM, <antispam06@xxxxxxx> wrote: > > > That's about it. A safe remove command is needed? And if yes, does one > > need something more complex than one pass? > > > > > If your drive password is compromised, the filesystem is exposed, so in > theory is possible to retrieve the content of the file, as if it was on a > non encrypted disk. > > So, in my opinion, yes, a safe remove command is necessary and with all the > passes you may need (which depend on the confidentiality of the file). It depends. For plain dm-crypt with a compromised passphrase, do secure delete for a HDD. For LUKS with a compromised passphrase, overwrite the header and key-slot area once for a HDD. For LUKS with a compromised master key, same as for plain dm-crypt. For SSD, do secure unit erase (ATA command), overwrite and physical destruction. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
