a question for pythonistas about securely wiping a file

[chan] general
Aug 12 12:04

Creating and reading files with python is simple. I want to create a file in python code that will be exactly 16 KiB (not KB). The application will routinely write to this file but the size of the file will always be exactly 16 KiB. Encryption keys will be written to the file and regularly changed. Then the file will be wiped multiple times with patterns before the new key data is written in encrypted format. I know how to do this. It's very simple to measure string length and ensure the exact data is written. It's very simple to write the loops for the wiping algorithms. I don't need help with that. That said, I want the file, after initial creation, to always occupy the exact same sectors on disk, with a few extra sectors reserved in case of sector damage or disk corruption. So when the file is written and re-written repeatedly, I want it to always be on the same sectors in this reserved range so key data is not spread out and recoverable by forensics techniques. Even though the key data will be written encrypted I do not feel that is enough. When old keys are disposed, those old keys must truly disappear via various overwriting patterns. Is there a way to achieve this in python?

[chan] general
Aug 12 12:36

Creating and reading files with python is simple. Creating and re written in this file will be written and reading files with python? It's very simple to always be exactly KiB; not spread out and ensure The file but the wiping algorithms. That: is written and re written in python is will be written encrypted I want the key data is written and reading files with that: is written. Creating and re written to this. So key data is simple; to write to do not KB, the file is enough. Creating and ensure regularly changed. It's very simple to this: file but the file is enough. So key data is written and ensure the loops for the exact data is simple: to always be written and reading files with that will be written: in python is written; to measure string length and reading files with a file will be wiped multiple times with that is written: and regularly changed. Creating and reading files with that will be written encrypted I know want the application will be exactly KiB not KB, The exact data is enough. Creating and ensure the file and re written and re written encrypted I want to create a few extra sectors in this file and ensure reading files with python is simple to always be written encrypted I want to the file but the do want to write to always create a file but the key data is written and ensure the file, will be written in python is enough.

[chan] general
Aug 12 13:08

Yes and no. Yes, as you can use ctypes or Python extension or subprocess to utilize libraries or other programs that can do what you want. No, as you really are just delegating to an existing library or program which can be done in other languages just as well. Also you may have to communicate with the storage device at the driver level to get the desired assurance the firmware is not transparently writing to another sector due to corruption or to evenly spread writes across the physical sectors.

[chan] general
Aug 12 13:25

I have a lot of RTFM to do. I was hoping python had disk magic to avoid libraries. 8( Thank you, sir. I suppose the next best thing is an encrypted sqlite / gzip / lzma type container which would cause extra trouble for forensic recovery since it would be double encrypted.

[chan] general
Aug 12 13:54

This question is related to the OS too. For example, I was reading the ext4 defragmentation manual recently, and according to it the OS stores writable data in a buffer, and in certain cases, such as when online defrag is enabled, the buffer will be written to a new place on the disk to combine some file chunks together.
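An added example, not part of any post in this thread: the most that plain Python can do about the buffering and relocation raised above is rewrite the fixed-size file in place (no truncate, no temp-file rename) and `fsync` after every pass so each pattern is pushed to the device instead of being coalesced in the page cache. The function names and the pattern list are assumptions made for the illustration.

```python
import os

FILE_SIZE = 16 * 1024                            # exactly 16 KiB, as in the question
PATTERNS = (b"\x00", b"\xff", b"\x55", b"\xaa")  # assumed wipe patterns


def write_all(fd, data):
    """Write data at offset 0 onward; os.pwrite() may write short, so loop."""
    view, off = memoryview(data), 0
    while off < len(data):
        off += os.pwrite(fd, view[off:], off)


def create_keyfile(path):
    """Create the file once at its final size; O_EXCL refuses to reuse a path."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        write_all(fd, bytes(FILE_SIZE))
        os.fsync(fd)
    finally:
        os.close(fd)


def rewrite_in_place(path, new_blob):
    """Overwrite the old contents with each pattern, then store new_blob.

    Returns True if the file kept the same inode and size throughout.
    This only keeps the *logical* file stable: a copy-on-write filesystem,
    online defragmentation, or drive firmware (sector remapping, wear
    levelling) can still place the data on different physical sectors.
    """
    if len(new_blob) != FILE_SIZE:
        raise ValueError("new_blob must be exactly %d bytes" % FILE_SIZE)
    fd = os.open(path, os.O_RDWR)        # no O_TRUNC: existing blocks are reused
    try:
        before = os.fstat(fd)
        if before.st_size != FILE_SIZE:
            raise ValueError("unexpected file size %d" % before.st_size)
        for pattern in PATTERNS:
            write_all(fd, pattern * FILE_SIZE)
            os.fsync(fd)                 # flush this pass before starting the next
        write_all(fd, new_blob)
        os.fsync(fd)
        after = os.fstat(fd)
        return before.st_ino == after.st_ino and after.st_size == FILE_SIZE
    finally:
        os.close(fd)
```
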

[chan] general
Aug 13 03:02

Have a look at sqlcipher

[chan3] general
Aug 13 19:08

Chances are, if it's on "spinning rust" with a modern disk, controller and interface standard you've had it - security wise. For particularly sensitive data. Less so for flash and sram storage. Ideally have all your interim cleartext datafiles entirely in volatile DDRAM ( ramdisk ). Unless you are dealing with truly enormous data sets DDRAM is cheap enough to contain all your data and even the Virtual Machine running the sql server and client code. Also make sure that swap isn't active in a way likely to copy any of it to permanent disk storage.

[chan] general
Aug 14 04:56

not if you have lvm + luks and encrypted swap.

[chan] general
Aug 14 10:09

You got that right +1 all the way.
