Motivation

You want to temporarily store some files such that either a loss of power or the execution of a few commands will render those files practically irretrievable to any sophisticated analyst with unlimited access to your hardware, including yourself.

This has applications, for instance, when you have received an encrypted file and need to temporarily store the plaintext contents it in order to use it. Or maybe someone has sent you something encrypted with your PGP key and you won't even know what it is you have until you decrypt it and inspect it. Maybe you need a staging area for some sensitive information before encrypting it for transit.

Storing the plaintext as a regular file on your hard drive has the same flaw that all regular files have: a deleted file is still present on the device until the blocks they occupied and the inode they used are reallocated and overwritten. Recently-deleted files are very easy to completely recover, as the data has not been overwritten yet. Older files can be partially recovered. An analyst doing a full block-by-block search could potentially find lots of things you thought were gone.

Obvious But Flawed Solution

You may think that a good solution is to mount a tmpfs filesystem or use one of the tmpfs mounts already present. The problem with this is swap files/drives. If you have a high enough memory load or leave the data on the tmpfs for a long enough time, some or all of the data will get written to your swap file/drive. When the power is cut, snoops can simply analyze your swapped-out memory for goodies. Even worse, the data will sit there forever until someday when it is overwritten by other swapped-out memory, meaning your data could persist in your swap file/drive for much longer than you think.

Either disable all swap files and swap drives, or use the better solution.

Better Solution

Use an encrypted loopback filesystem that has a random password that you don't (and can't) know. The procedure to do this is very similar to DebianNodes/EncryptedLoopback, except you feed losetup a random password read from /dev/random. After setting up your regular file backingfile and modprobe cryptolooping, run the following as root.

lodev=`losetup -f` head -c 8 /dev/random | losetup -e aes --pass-fd 0 -f $lodev backingfile && mke2fs -m 0 $lodev && mount $lodev mntpnt/ && chmod a+rwxt mntpnt/

If the power is cut or the loopback device is cleared, the data will still be on your hard drive, but it will be encrypted with a random password that you couldn't recall even if you wanted to. The data is effectively irretrievable.

If this isn't paranoid enough for you, then you can also tell losetup to offset into the file by a small random number that is not a power of 2. This helps in fending off known-plaintext attacks on the crypto since certain portions of an ext2 filesystem are highly predictable, especially for freshly created filesystems.

Best Solution

Attach a kill switch to the power supply that ignites some thermite mounted above your hard drive and above your RAM. RAM contents can be preserved by flash-freezing it moderately soon after power loss (source), so the only option for the really paranoid is to slag EVERYTHING.

DebianNotes/ReallyVolatileStorage (last edited 2010-06-22 00:44:32 by MrGreen)