SafeDelete also scambles the file's name, creator and file type, creation date, modification date and backup date seven times: the idea being to leave as little information for someone to work with as possible.
The idea of using seven overwrites comes from Bruce Scheiner in his book "Applied Cryptography".
Using SafeDelete in the previous example would have meant that the employee's could not have recovered anything. SafeDelete just writes random data over the top of the files then marks the file space as empty.
The same company saw the error of their ways and got SafeDelete, but didn't read this file: again the personel manager's Mac was upgraded and given to the employee's, safe in the knowledge that all the files had been securely erase using SafeDelete. Unfortunately, the personel manager had virtual memory switched on and had been writing a memo about a rival company that was short of employee's, but paid better than his. Again, after a little bit of use of file recovery and disk editors the employee's discovered this information and all left for the rival. The moral of the story is that at periodic interval you should turn virtual memory off and use SafeDelete's "Clean Disk" option to erase all the free space on your hard disk.
8.7. What does ``random'' mean in cryptography?Cryptographic applications demand much more out of a pseudorandom number generator than most applications. For a source of bits to be cryptographically random, it must be computationally impossible to predict what the Nth random bit will be given complete knowledge of the algorithm or hardware generating the stream and the sequence of 0th through N-1st bits, for all N up to the lifetime of the source.
A software generator (also known as pseudo-random) has the function of expanding a truly random seed to a longer string of apparently random bits. This seed must be large enough not to be guessed by the opponent. Ideally, it should also be truly random (perhaps generated by a hardware random number source).
Those who have Sparcstation 1 workstations could, for example, generate random numbers using the audio input device as a source of entropy, by not connecting anything to it. For example,
cat /dev/audio | compress - >foo
gives a file of high entropy (not random but with much randomness in it). One can then encrypt that file using part of itself as a key, for example, to convert that seed entropy into a pseudo-random string.
When looking for hardware devices to provide this entropy, it is important really to measure the entropy rather than just assume that because it looks complicated to a human, it must be "random". For example, disk operation completion times sound like they might be unpredictable (to many people) but a spinning disk is much like a clock and its output completion times are relatively low in entropy.
Paul Thow expressly disclaim all other warranties, express or implied, including but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Paul Thow does not warrant that the functions contained in the software will meet your requirements, or that the operation of the software will be uniterrupted or error-free, or that defects in the software will be corrected, furthermore, Paul Thow does not warrant any representations regarding the use or the results of the use of the software or related documentation in terms of their correctness, accuracy, reliability, or otherwise. No oral or written information or advice given by Paul Thow or an authorized representative shall create a warranty or in any way increase the scope of this warranty. Should the software prove defective, you (and not Paul Thow or and authorized representative) assume the entire cost of all necessary servicing, repair or correction. Some jurisdications do not allow the exclusion of implied warranties, so the above exclusion may not apply to you.
Under no circumstances including negligence, shall Paul Thow be liable for any incidental, special or consequential damages that result from the use or inability to use the software or related documentation, even if Paul Thow or an authorized representative has been advised of the possibility of such damages. Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages so the above limitation may not apply to you. In no event shall Paul Thow's total liability to you for all damages, losses, and causes of action (whether in contract, tort (including negligence) or otherwise) exceed that portion of the amount paid by you is fairly attributable to the software.
Mail Address: | Paul Thow (SafeDelete) 105c Longate Peterhead, AB42 6JU United Kingdom |
Email: | pathow@dircon.co.uk pathow@kagi.com |
Web: | http://www.users.dircon.co.uk/~pathow/ |
FTP: | ftp://ftp-thow:ftp-thow@ftp.dircon.co.uk/pub/ |