On Thursday 28 July 2005 07:41, Anonymous wrote: > Tom Vier <[EMAIL PROTECTED]> wrote: > > I'm the author of wipe, btw (the one at wipe.sf.net). Meta-data > > journaling alone isn't a problem (except for wiping filenames), but full > > data journaling is, and some journaled fs (like reiser) don't necessarily > > place data on the same blocks when you overwrite (log-structured and > > versioning filesystems, especially). To be sure you overwrite the old > > blocks, you have to overwrite the whole partition. > > But that's not usually practical! > > > That's why it's best to encrypt sensitive data in the first place. That > > way, there's no plain text left around. > > True, but if you want to edit a file (with vi, gimp, openoffice or > anything else) you have to save it then encrypt it then wipe it. A > file you can't edit is not a useful file!
I think what may have been implied was hard disk encryption in which an entire partition is transparently encrypted. (This can be done with dmcrypt or loop-AES.) (An easy-to-setup option would be to encrypt /tmp, and send all non-encrypted plaintext to there before re-encrypting and saving elsewhere; this is easily done with the cryptsetup package--read /usr/share/doc/cryptsetup/???. Swap could become dangerous, but that, too, is easily fixed with the same package.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
