> Removing freenet is quite simple in Unix:
>
> wipe -r /usr/share/freenet

Data recovery services would be laughing at you right now. In a nutshell, you can overwrite the data one time, or a hundred, and it does no good. The DoD already discovered this, much to their dismay, when drives started moving to RLE encoding. Drives these days which need to be decommissioned from classified use are simply destroyed. It's rather interesting how they do it, but that's another story. :)

Anyway, the best way to keep that data from being recovered is not to store it in plaintext in the first place. An easy solution for most people is to grab the encrypted kernel patch from www.kerneli.org and compile it, and the associated losetup and mount utilities. I think I posted about this previously.

Also, you want to harden your kernel and disable swap-to-disk on your server - you need to ensure that data in memory is never written to disk, and that kernel memory is inaccessible while the system is up, i.e., /dev/kmem is read-protected. Yes, this does break a few utilities. The reason for this is that the getpass() function leaves a few copies of the plaintext password in memory, as do a lot of other kernel functions while it's passed through various pointers and copied around in memory. If someone wants to patch the kernel to zero out those locations in memory and use md5 hashing instead, I'd be impressed. :)

Also, if your box is rooted and the fs is/was ever mounted during that boot, you're up a creek. So network integrity is still a very important item. All this does is make physical compromise of your node a lot harder. Nothing more, nothing less.

~ Signal 11

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
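
The host-side precautions named in the message above (no swap-to-disk, /dev/kmem not readable), as an added example that is not part of the original post: a POSIX shell audit that reports active swap, swap entries that would return at boot, and a permissive /dev/kmem mode. The function names are hypothetical, and the mode check only approximates the kernel-level restriction the post describes.

```shell
#!/bin/sh
# Added example: audit a host for the conditions named in the post.
# File paths are arguments so each check can be run on constructed samples.

# Print active swap areas from a /proc/swaps-format file (line 1 is a header).
active_swap() {
    f=${1:-/proc/swaps}
    [ -r "$f" ] || return 0
    awk 'NR > 1 && NF > 0 { print $1 }' "$f"
}

# Print fstab entries of type "swap" that would turn swap back on at boot.
fstab_swap() {
    f=${1:-/etc/fstab}
    [ -r "$f" ] || return 0
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$f"
}

# Return 0 if the node exists and its mode grants read to group or other.
# This is a file-mode check only; it cannot confirm a kernel-level restriction.
mem_dev_exposed() {
    [ -e "$1" ] || return 1
    perm=$(ls -ld "$1" | cut -c1-10)
    case $perm in
        ????r*|???????r*) return 0 ;;
    esac
    return 1
}

# Run all checks against the live system; return the number of findings.
audit_host() {
    findings=0
    for dev in $(active_swap); do
        echo "FINDING: swap active on $dev (memory can be paged to disk)"
        findings=$((findings + 1))
    done
    for dev in $(fstab_swap); do
        echo "FINDING: $dev is a swap entry in /etc/fstab"
        findings=$((findings + 1))
    done
    if mem_dev_exposed /dev/kmem; then
        echo "FINDING: /dev/kmem is readable by group or other"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and call `audit_host`; a return status of 0 means none of the three checks produced a finding.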
