lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 23 Jul 2005 12:18:55 -0700
From: Jake Appelbaum <jacob@...elbaum.net>
To: "\"Vincent DUVERNET" (Nolmë "Informatique)\"" <vincent.duvernet@...me.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Peter Gutmann data deletion theaory?

On Fri, 2005-07-22 at 15:01 +0200, "Vincent DUVERNET (Nolmë
Informatique)" wrote:
> every body speaks about hardware & the best way for datas to be 
> unrecoverable.
> Where states can use eletron microcope or other great machines, data 
> encryption like EFS is another way to reinforce security no ?

If you don't want someone to be able to read your data, the best choice
is to encrypt it before it reaches the storage medium. Then destroy the
platters or wipe them or whatever feel good plan you have. Something
like loop-aes in linux or gbde in freebsd does that on the software side
(loop-aes even does in memory encryption key scrubbing [1]).

If you want something kept secret, loop-aes and gbde are your best bets
for offline security even before you've tried to destroy the data.
Sometimes you don't get a chance to destroy your cache of drives in the
closet before someone gets them.

It's obviously a choice about the threat model. With laptops it seems
like an obvious choice. Sometimes the performance hit isn't worth it but
for mobile devices and other high theft devices, it seems like unless
your data is worthless, you should encrypt it.

[1]: "Loop encryption key scrubbing moves and inverts key bits in
kernel RAM so that the thin oxide which forms the storage capacitor
dielectric of DRAM cells is not permitted to develop detectable property."

-- 
Jake Appelbaum <jacob@...elbaum.net>

Download attachment "signature.asc" of type "application/pgp-signature" (156 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ