| 1 |
On Sun, Dec 10, 2017 at 4:00 PM, Wols Lists <antlists@××××××××××××.uk> wrote: |
| 2 |
> |
| 3 |
> So the OP needs to be aware that, if his file is smaller than the chunk |
| 4 |
> size, then it *will* be recoverable from a disk pulled from an array, be |
| 5 |
> it md-raid or zfs. |
| 6 |
> |
| 7 |
> The question is, then, how big is a chunk? And if zfs is anything like |
| 8 |
> md-raid, it will be a lot bigger than the 512B or 4KB that a naive user |
| 9 |
> would think. |
| 10 |
> |
| 11 |
|
| 12 |
I suspect the data is striped/chunked/etc at a larger scale. |
| 13 |
|
| 14 |
However, I'd really go a step further. Unless a filesystem or block |
| 15 |
layer is explicitly designed to prevent the retrieval of data without |
| 16 |
a key/etc, then I would not rely on something like this for security. |
| 17 |
Even actual encryption systems can have bugs that render them |
| 18 |
vulnerable. Something that at best provides this kind of security "by |
| 19 |
accident" is not something you should rely on. Data might be stored |
| 20 |
in journals, or metadata, or unwiped free space, or in any number of |
| 21 |
ways that makes it possible to retrieve even if it isn't obvious from |
| 22 |
casual inspection. |
| 23 |
|
| 24 |
If you don't want somebody recovering data from a drive you're |
| 25 |
disposing of, then you should probably be encrypting that drive one |
| 26 |
way or another with a robust encryption layer. That might be built |
| 27 |
into the filesystem, or it might be a block layer. If you're |
| 28 |
desperate I guess you could use the SMART security features provided |
| 29 |
by your drive firmware, which probably work, but which nobody can |
| 30 |
really vouch for but the drive manufacturer. Any of these are going |
| 31 |
to provide more security that relying on RAID striping to make data |
| 32 |
irretrievable. |
| 33 |
|
| 34 |
If you really care about security, then you're going to be paranoid |
| 35 |
about the tools that actually are designed to be secure, let alone the |
| 36 |
ones that aren't. |
| 37 |
|
| 38 |
-- |
| 39 |
Rich |
Archives