or Connect
AppleInsider › Forums › Software › Mac OS X › Auto defrag + secure delete = not secure?
New Posts  All Forums:Forum Nav:

Auto defrag + secure delete = not secure? - Page 2

post #41 of 49
It wouldn't be reasonable to over-engineer secure delete. If you really want security you already have encrypted images available which address ALL the concerns given so far. And secure deleting the encrypted image will not suffer from the problems of singular files because of its properties as an image.

Worrying about traces of a non-encrypted file being scattered across a drive if it was ever fragmented enough to rewrite and then not having those unencrypted traces hunted down and eradicated when asking to secure delete the file is a lot like worrying about the stain resistant properties of your Dockers on the day you went to work/school in your undies.

If you are worried about data theft your unencrypted data is infinitely more vulnerable before it was secure-deleted. The chances of reconstruction out of scattered fragments are infitessimal. Why worry about Buck Rodgers file reconstruction when someone could have just copied the unencrypted file while you were away for coffee?
.
Reply
.
Reply
post #42 of 49
Not sure I understood your answers properly, but are you people sure that secure delete doesn't just secure delete all spots marked empty, compared to just the spot that file occupied last? In other words secure erase free space. Wouldn't that be quite secure? I do realize that professionals can find magnetic traces on even already writen over spaces, but wouldn't that still give proper enough security for normal use?
post #43 of 49
You're confusing "secure erase free space" with "secure delete file".
post #44 of 49
Quote:
Originally posted by Chucker
You're confusing "secure erase free space" with "secure delete file".

Yes, I totally did confuse things, and I apologise, but I try again, why do they have secure delete file, if "Empty free space" is what they should do in the first place? Doesn't "Empty free space" secure clear all unused sectors? So it erases these remains of auto defrag?
Also bit off topic, doesn't auto defrag really touch any files that are bigger than 20megs? In todays world almost anything is bigger than 20megs. Is it possible to manually force defrag?
post #45 of 49
The reason there's two separate options is that secure erase empty space takes half an eternity. When all you want to do is securely get rid of a file or a folder, secure remove (srm) is a lot, lot faster (even if it isn't quite as safe, as demonstrated in this thread).

And yes, defragmentation is limited to files below 20 MBs. Above that threshold, it would take long enough to actually negatively impact working performance.
post #46 of 49
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.

I don't want some terroists stealing my computer and using that crap for evil.

Any free apps out there that wipe clean your hdd?

This seems like a complicated problem, I never thought about the spotlight pointers.


Quote:
Originally posted by Brian Green
The question I have about this is, is Apple aware of this, and can they fix secure delete to address all of the security problems discussed so far in this thread?

Seems to me that it's a very useful feature that ought to be toughened up to really be secure. I don't have enough knowledge on this topic to write to Apple and ask for this feature to be looked at and improved. Has anyone contacted Apple with their concerns on this security matter?
Hard-Core.
Reply
Hard-Core.
Reply
post #47 of 49
Quote:
Originally posted by aplnub
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.

I don't want some terroists stealing my computer and using that crap for evil.

Any free apps out there that wipe clean your hdd?

This seems like a complicated problem, I never thought about the spotlight pointers.

Wouldn't partial solution be turning spotlight indexing off for the directory, and then re-building spotlight index?
post #48 of 49
Thread Starter 
Quote:
Originally posted by aplnub
I think turn file vault on and have a big long password with it.

And there is a problem with that also. When *first* encrypting a home directory, the unencrypted version is deleted normally, so it is not really secure. This was certainly a problem with 10.4.0 I think an update later fixed this problem, not sure.
PM G5 Dual 2.0GHz, 2GB RAM
PB G4 1.67GHz, 1.5GB RAM
Reply
PM G5 Dual 2.0GHz, 2GB RAM
PB G4 1.67GHz, 1.5GB RAM
Reply
post #49 of 49
Quote:
Originally posted by aplnub
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.

I don't want some terroists stealing my computer and using that crap for evil.

Any free apps out there that wipe clean your hdd?

This seems like a complicated problem, I never thought about the spotlight pointers.

Disk Utility does the job by erasing your free space. You just have to think about where your data is or how it got to where it is.

1. download a file or save a file form a program to your normal HD space then that file is unencrypted
2. if this file is under 20MB, it will be defragged on the fly and parts copied over your HD
3. if this file is saved to a directory spotlight indexes, some or all of the file will be indexed

If you then decide to encrypt this file and secure delete, parts 2 and 3 mean recoverable elements may still exist. Cleaning your free space should remove those, although filename fragments may be recoverable in the drive database.

As long as the file remains on the encrypted disk, it won't be indexed and only the encrypted image will be defragged if under 20MB. If it defragged the contents of the image, it would do so in the encrypted space.

To avoid having to erase, you can save files directly to encrypted disks.

BTW, I wouldn't use filevault. It uses a sparse image which can get corrupted after a crash.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Auto defrag + secure delete = not secure?