[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Mon, 20 Nov 2006 16:22:12 +0530
From: Rupesh Thakare <rupesh@...sterfs.com>
To: "Wolber, Richard C" <richard.c.wolber@...ing.com>
Subject: Re: Shred mount option for ext4?
Wolber, Richard C wrote:
>> On Wednesday, November 01, 2006 8:17 AM Andreas Dilger Wrote:
>>
>> Did anyone discuss doing this with crypto instead of actually
>> overwriting the whole file? It would be pretty easy to store
>> a per-file crypto key in each inode as an EA, then to
>> "delete" the file all that would be needed would be to erase
>> the key in a secure matter (which is a great deal easier
>> because inodes don't move around on disk).
>>
>
> If it's cheap to delete the keys, it's also cheap to harvest
> the keys. A per file crypto-key lowers the barrier to entry.
>
That's true. But can't we combine the advantages of single-secure-key
and per-file krypto key ?
Can't we have a half single-secure-key combined with half
per-file-krypto ? Key management overhead is not
worse than that for single-secure-key. This gives offers same security
with ease for shredding.
Cheers,
Rupesh
> This is Schneier 101.
>
>
> ..Chuck..
> -
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux