[OpenIndiana-discuss] recompiling a program for openindiana
    Marc Lobelle 
    marc.lobelle at uclouvain.be
       
    Mon Nov 20 15:47:53 UTC 2017
    
    
  
On 20/11/17 15:10, James Carlson via openindiana-discuss wrote:
> On 11/20/17 04:51, Marc Lobelle wrote:
>> Hum, this means that bcrypt will not erase the original file after
>> encrypting it either and the file must be decrypted to be used. How can
>> I make sure that its contents cannot be recovered on ZFS then? (apart
>> from writing the ZFS encryption code that is missing in illumos ZFS; it
>> will have to be done eventually but I'm looking for an interim solution).
> This doesn't work on ZFS, and just doesn't work in general even without
> ZFS.  It's not uncommon that hardware itself remaps sectors, potentially
> leaving sensitive data in place and inaccessible to software that just
> goes through the file system layer, but relatively easily recoverable by
> an attacker.
>
> The better answer, assuming physical security is insufficient, is to
> avoid writing sensitive information in the first place: encrypt the data
> before writing or configure the file system itself to encrypt.
Yes, this is what I do on Solaris where the encrypt option of ZFS is
implemented, but it is not yet available on OpenIndiana, unfortunately.
Marc
>
> A quick Google search on "zfs secure delete" will turn up all sorts of
> discussions about this.
>
    
    