Another route to securely "erasing" information is encryption.  OpenBSD
includes at least 3 systems for disk encryption (svnd, softraid, and
cfs (ports)).  I've personally used cfs and svnd, and as is usually
the case on OpenBSD, both work nicely once you RTFM.  (I should really
write an undeadly article on how to use svnd.)  If you erase/forget the
keys (passphrases), then to the extent that you trust the crypto, the
data is effectively erased.

You can "erase" an encrypted disk (whether partition, filesystem, or
file) this way even if the physical disk drive is broken and won't let
you do 'rm -P' or other such overwriting.

Moreover, if your hardware is still alive, there's probably considerable
synergism between encryption and "secure deletion":  it seems likely
that data recovery is much easier if the recovered data can be easily
recognizable as such, rather than looking like random noise.  Good
crypto results in the on-disk data before "secure deletion" looking
like random noise, so it should make data-recovery harder.  (To get
any useful information, data-recovery would then have to be followed
by somehow breaking the encryption.)

ciao,

-- 
-- "Jonathan Thornburg [remove -animal to reply]" 
<jth...@astro.indiana-zebra.edu>
   Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam
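
The message's two points, that encrypted on-disk data is not recognizable to data recovery and that a forgotten key leaves the data effectively erased, shown as an added example that is not part of the original message. A toy SHA-256 keystream cipher stands in for real disk encryption such as svnd or softraid; the disk image, signatures and function names are constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks.
    Stand-in for real disk encryption; do not use it to protect data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram (8.0 = uniform random)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def carve(image: bytes, signatures: dict) -> dict:
    """Count known file signatures, the way a carving tool recognizes data."""
    return {name: image.count(sig) for name, sig in signatures.items()}

# Constructed sample "disk image": fake PDF headers, text records, zero slack.
SIGNATURES = {"pdf": b"%PDF-1.", "record": b"account="}
PLAIN_IMAGE = b"".join(
    b"%PDF-1.4\n" + b"account=%06d balance=1000\n" % i + b"\x00" * 64
    for i in range(2000)
)
KEY = os.urandom(32)  # "forgetting" this value is the erase operation
CIPHER_IMAGE = keystream_xor(KEY, PLAIN_IMAGE)

def report() -> dict:
    """Compare what a recovery tool sees on the plain and encrypted images."""
    return {
        "plain_entropy": entropy_bits_per_byte(PLAIN_IMAGE),
        "cipher_entropy": entropy_bits_per_byte(CIPHER_IMAGE),
        "plain_hits": carve(PLAIN_IMAGE, SIGNATURES),
        "cipher_hits": carve(CIPHER_IMAGE, SIGNATURES),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(name, value)
```
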
