[tor-bugs] #5432 [Vidalia]: Improve Panic Button to wipe files and recommend purging with fire
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Mar 20 20:04:13 UTC 2012
#5432: Improve Panic Button to wipe files and recommend purging with fire
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner: chiiph
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Vidalia | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
For the TBB Panic Button in #4107, we decided against extensive efforts to
wipe the TBB directory because it would be exceedingly difficult to do it
correctly in the face of all adversaries.

However, this doesn't mean that in the happy future, we shouldn't make
some attempt to wipe the contents of the TBB dir.

In the face of risk/reward vs time spent on wiping, I think the following
OS-agnostic protocol is optimal:

1. Overwrite each file with ONE PASS of 0's or pseudorandom stream.
2. Rename each file to pseudorandom name
3. Rename each directory to pseudorandom name
4. rm -rf .

For any situation that requires more effort or time than this, we should
recommend fire and/or acid. Perhaps we should even tell the user they
should consider fire as a backup measure in a nice dialog before or after
the wipe is complete.

Otherwise, this should be sufficient to deter a low-funded adversary with
access to Norton Utilities Unerase and the like.

This mode probably should be a different option than the Panic Button,
because even one pass of zeroes or pseudorandom data will take a while. In
some situations (such as those that would require a Panic Button) you
might not have that luxury.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5432>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
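
The four-step protocol from the ticket, sketched in Python as an added example (not code from the ticket, Vidalia or TBB). The function names overwrite_once, random_rename and wipe_tree and the 1 MiB chunk size are assumptions made here.

```python
import os
import secrets
import shutil

CHUNK = 1 << 20  # assumed chunk size: overwrite in 1 MiB pieces to bound memory use


def overwrite_once(path, use_random=False):
    """Step 1: one pass of zeros (or OS random bytes) over the file's current length."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(secrets.token_bytes(n) if use_random else bytes(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the overwrite to the device before renaming


def random_rename(path):
    """Steps 2 and 3: replace the final path component with a random 32-hex-digit name."""
    new_path = os.path.join(os.path.dirname(path), secrets.token_hex(16))
    os.rename(path, new_path)
    return new_path


def wipe_tree(root, use_random=False):
    """Apply the four steps to root; returns how many files were overwritten."""
    root = os.path.abspath(root)  # also strips a trailing separator
    wiped = 0
    # Bottom-up walk: a directory's contents are handled before it is renamed.
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                os.unlink(path)  # never write through a link that leaves the tree
                continue
            overwrite_once(path, use_random)
            random_rename(path)
            wiped += 1
        for name in dirnames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                os.unlink(path)
            else:
                random_rename(path)
    shutil.rmtree(random_rename(root))  # step 4: remove the renamed tree
    return wiped
```

An in-place overwrite only reaches the blocks the filesystem currently maps to the file, so journaling or copy-on-write filesystems and flash wear-levelling can leave older copies behind.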