Re: [Tails-dev] Why Tails partition is non-deterministic?

Nachricht löschen

Nachricht beantworten
Autor: segfault
Datum:  
To: Joanna Rutkowska
CC: The Tails public development discussion list
Betreff: Re: [Tails-dev] Why Tails partition is non-deterministic?
Joanna Rutkowska:
> On Sat, Aug 27, 2016 at 06:54:10PM +0000, segfault wrote:
> The added value would be ensuring the unused portion of the disk blocks
> (occupied by the Tails partition) are not populated with some random garbage,
> which might be e.g. user's previous (unencrypted) content, such as... family
> pictures ;)


Ok, but data leakage and verification are different problems IMO. In the
tails-verifier I did not try to prevent data leakage or the other
possibility of using unverified parts as a hidden channel (which could
be used by malware), but only focus on modifications which could alter
the behavior of Tails (i.e. changes in boot code or files).
I think preventing data leakage and hidden channels is also desirable,
but because of the behavior of flash drives you mentioned, I think it is
hard to guarantee this.

> Generally, I think the Tails installer should at least ask the user to wipe the
> disk with 'dd if=/dev/zero'. Admittedly, because of wear leveling mechanisms
> this might not be effective, because AFAIU modern flash memories would include
> (X*size) of the actual physical storage in order to expose (size) bytes of
> storage to the host, where X > 1.


Right, so `dd if=/dev/zero` would not always protect from data leakage.
So I tend to disagree that we should do this in Tails Installer, because
it would make the installation process slower and might give a wrong
feeling of security.

> But perhaps if the wiping were repeated N times, where N = ceiling (X), with
> random content this time (in order to fool any optimizations by the device),
> then it should be fine?


Would this guarantee that every byte was overwritten? Wouldn't it be
possible that the same (size) bytes get overwritten multiple times but
the (X-1)*size other bytes stay the same?

Cheers