Default number of overwrites in shred
From: Peter Eckersley
Subject: Default number of overwrites in shred
Date: Wed, 02 May 2007 23:35:06 +0000

Hi!

I was wondering if you would consider reducing the number of default
overwrites for "shred" from 25 to something more like 5?

We'd like to get shred called from more standard packages (starting with
logrotate). For various reasons, plenty of systems seem to have large
enough log files (10s of megabytes) to make the shred load spike really
nasty on a server.

John Gilmore (CCed) has been arguing very strongly that we shouldn't
have logrotate override shred's default on this, but should instead be
changing shred to get a better default performance/security tradeoff.

The literature seems to say that large numbers of writes (25+) were
barely adequate on old 80s and 90s disks, but that even a single
overwrite cycle is extremely hard to get past on modern disks:

http://www.usenix.org/events/sec01/full_papers/bauer/bauer_html/index.html
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
(p 16)

I also read a more detailed paper (which unfortunately I can't track
down now) which elaborated that the problem on old disks was that
performing huge numbers of writes today might lay down a lot of data
*next to* where the disk was writing yesterday, but not quite on top of
it. The spatial location of the heads is much more precise on modern
disks, so this doesn't happen anymore.

--
Peter Eckersley address@hidden
Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993