File Shredding in C#


Problem description






Hi

The company I work for has finally woken up to data security on our field
laptops. I'm writing something in C# that will allow remote deletion of
sensitive data and I don't believe File.Delete() will be sufficient.

Is there anything in .NET that removes any remanence of the file?

If it isn't going to be easy, does anyone know of a component that I can
hook into to do the dirty work, free or otherwise?

TIA

Glenn


Recommended answer

glennanthonyb wrote:




Hi

The company I work for has finally woken up to data security on our field
laptops. I'm writing something in C# that will allow remote deletion of
sensitive data and I don't believe File.Delete() will be sufficient.

Is there anything in .NET that removes any remanence of the file?

If it isn't going to be easy, does anyone know of a component that I can
hook into to do the dirty work, free or otherwise?

TIA

Glenn




Well, the typical method is to overwrite the file with a set of patterns
specifically tailored to make it hard to get back the data from the disk.

Note that simply overwriting the file with 0's isn't enough, as a
dedicated cracker could take your disk to a recovery service and extract
data based on magnetic signals leftover from the original data.

I'm no expert, or even very knowledgeable in this, but from what I
gather, the bits are stored as analog peaks on the disk. Let's say a
signal of 0 is bit 0, and a signal of 1.0 is bit 1. When you write a
1-bit in a location, something close to 1.0 is written, like 0.95. If
you then write a 0 to it, something closer to 0.0 is written, like 0.2.
These signals can be recovered using signal analysis, and thus the
"best" way would be to write out lots of random data to each location,
over and over again, to jumble up the signal.

Note that this is not foolproof either, depending on the system you're
writing to. For instance, on my laptop I have "Rollback Rx" installed,
which after a snapshot keeps the original data available on the disk as
part of an older snapshot, and thus overwriting the file won't actually
remove it.

As such, this kind of security is not something that you can cover from
an application 100%, you might need to include a specific setup or set
of criteria for the machine as well.

--
Lasse Vågsæther Karlsen
mailto:la***@vkarlsen.no
http://presentationmode.blogspot.com/
PGP KeyID: 0xBCDEA2E3


On Tue, 13 May 2008 11:57:09 +0100, "glennanthonyb"
<gl**********@yahoo.co.uk> wrote:

> Hi
>
> The company I work for has finally woken up to data security on our field
> laptops. I'm writing something in C# that will allow remote deletion of
> sensitive data and I don't believe File.Delete() will be sufficient.




Correct, it will not.


> Is there anything in .NET that removes any remanence of the file?




Pass.

You may have a larger problem than just overwriting files. The data
may have been swapped to disc during processing, so you should also
shred the swapfile. An earlier version of the file might have been
deleted normally, so you might also need to overwrite the unused space
on the disk. A new file might have been placed in disk sectors
previously used for sensitive data so you might need to overwrite the
slack space at the end of existing files.

I do not know the .NET security classes well enough to know if they do
any or all of this. There may well be some low level functions in the
Windows API that will let you do some or all of this.

rossum


> If it isn't going to be easy, does anyone know of a component that I can
> hook into to do the dirty work, free or otherwise?
>
> TIA
>
> Glenn


Thanks for the explanation Lasse

This is more of a risk reduction exercise, so I guess I'm just trying to
protect the data against someone who's using an application like Winundelete
or Undelete Plus. I should point out that the hard drive is encrypted as is
the database with the customer details I'm trying to delete.

At the moment I'm loading the file into a byte array, randomising the byte
array and writing back the randomised data x number of times, then deleting
the file. It just seems a bit too easy.

As you mention, you can't guarantee the data can't be recovered, but I'd
like to get to a level that would require a dedicated cracker to have access
to a scanning probe microscope before he or she could access any meaningful
data - although that might be asking a little bit too much.

Thanks

Glenn
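
The overwrite-then-delete approach discussed in this thread, as an added example that is not code from any of the posters: it streams the file in chunks rather than loading it into one byte array, forces every pass to the device, and renames before deleting. The class name `FileShredder`, the default pass count and the 64 KiB chunk size are assumptions made for the example.

```csharp
// Added example, not from the original thread.
using System;
using System.IO;
using System.Security.Cryptography;

public static class FileShredder
{
    // Overwrites the file in place with random data, then deletes it.
    // The pass count and chunk size are illustrative choices.
    public static void Shred(string path, int passes = 3)
    {
        if (passes < 1) throw new ArgumentOutOfRangeException(nameof(passes));

        // Clear read-only so the overwrite and delete do not fail midway.
        File.SetAttributes(path, FileAttributes.Normal);

        var buffer = new byte[64 * 1024];
        using (var rng = RandomNumberGenerator.Create())
        using (var fs = new FileStream(path, FileMode.Open, FileAccess.Write,
                   FileShare.None, buffer.Length, FileOptions.WriteThrough))
        {
            long length = fs.Length;
            for (int pass = 0; pass < passes; pass++)
            {
                fs.Position = 0;
                for (long remaining = length; remaining > 0; )
                {
                    int n = (int)Math.Min(buffer.Length, remaining);
                    rng.GetBytes(buffer);   // fresh random data for each chunk
                    fs.Write(buffer, 0, n);
                    remaining -= n;
                }
                fs.Flush(true);             // push OS buffers to the device
            }
            fs.SetLength(0);                // do not leave the size in metadata
        }

        // Rename first so the deleted directory entry carries a random name.
        string dir = Path.GetDirectoryName(Path.GetFullPath(path));
        string scratch = Path.Combine(dir, Path.GetRandomFileName());
        File.Move(path, scratch);
        File.Delete(scratch);
    }
}
```

It reaches only the clusters the file currently occupies; the swap file, unused disk space, slack space and snapshot software raised in the replies are outside what it can touch.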



