SV: dsf to write over entire volume

[Thomas Berg]

>From my point of view is the problem that there is a password/key that exists 
>for the encrypted data.  The possibility that the key is known/can be stolen 
>is a realistic risk. 
As long the data is within the owners control this risk can be handled, but not 
after the disk leaved the company. 



Med Vänlig Hälsning
Thomas Berg
________________________________________________________________
Thomas Berg   Specialist   z/OS/IT Delivery   SWEDBANK AB (Publ)


> -----Ursprungligt meddelande-----
> Från: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> För Ron Hawkins
> Skickat: den 15 december 2012 11:40
> Till: IBM-MAIN@LISTSERV.UA.EDU
> Ämne: Re: dsf to write over entire volume
> 
> Radoslaw,
> 
> I'm not sure about the other vendors, but for HDS data at rest
> encryption and secure erase have not been available for 15 years as you
> say. They have been available for half a decade and two product
> generations.
> 
> I think all the vendors are supporting full AES 256 encryption. I'm not
> a cypher expert but a bit of interesting reading on wiki suggest that
> brute force is not going to make the cut in cracking this, and other
> techniques require leaks or incomplete implementation of AES 256. The
> following gave me a surprise as to the scale of computing and time
> required for a brute force
> attack:
> 
>       " AES permits the use of 256-bit keys. Breaking a symmetric
> 256-bit key by brute force requires 2128 times more computational power
> than a 128-bit key. A device that could check a billion billion (1E18)
> AES keys per second (if such a device could ever be made - as of 2012,
> supercomputers have computing capacities of 20 Peta-FLOPS, see Titan.
> So 50 supercomputers would be required to process (1E18) operations per
> second) would in theory require about 3E51 years to exhaust the 256-bit
> key space. " from http://en.wikipedia.org/wiki/Brute-force_attack.
> 
> On average brute force will probably hit pay dirt with half the
> permutations, but even if it gets lucky with a hit at just 0.001% of
> the keys, that's still looks like a lot of zeroes and a lot of
> centuries to me, even if replacing the supercomputers with cloud, grid
> or a truckload of graphics cards doubled the operations per second.
> 
> I think there are two things that have changed from 15 years ago. As
> you reference, one is that secure erasure became vogue due to the urban
> myth that the contents of a disk drive could be completely
> reconstructed by reading the bits on a track that were randomly laid
> down outside the mode write path of a head. Vendors had to respond to
> this so that customers weren't keeping all their disk drives when they
> sold or traded in a controller. Sounder heads have prevailed and this
> idea is being filed away with some of Ian Fleming's best books, but
> having a process to erase the contents of a disk drive with one pass
> (or more) without a host attached remains a good idea. Most recently
> reviewed security standards only require a single write pass for the
> track to be considered securely erased.
> 
> The second thing that has changed is that encryption has superseded
> secure erasure as an acceptable method to secure data on a HDD or SSD
> once the drive leaves the data center. There has been some change in
> physics, such that relatively cheap ASICs can be installed in the disk
> array back ends to process the AES256 cipher without any impact to
> performance, and I'd suggest that this followed adoption AES256
> relatively quickly. Using encryption from initial install prevents
> clear text from being left in remapped sectors and tracks.
> 
> I guess the moot point is whether you accept that brute force cracking
> of
> AES256 is typically measured in thousands of aeons, and must start with
> the resources and planning to run for that time if they don't get lucky
> in the first five minutes.
> 
> Ron
> 
> 
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> > On Behalf Of R.S.
> > Sent: Thursday, December 13, 2012 10:58 PM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: [IBM-MAIN] dsf to write over entire volume
> >
> > W dniu 2012-12-13 18:22, Ron Hawkins pisze:
> > > Radosalw, (Radoslaw, pronounced like Radoslav ;-) )
> >
> > >> Encryption is a matter of time and cost. The question is WHEN I
> > >> will
> > > decrypt
> > >> the data, not IF. And WHEN depends on my budget (the more money
> the
> > >> more zombies works for me) and piece of good luck (I can guess the
> > >> key 5 min. after start or as last possible value).
> > >>
> > > [Ron Hawkins] I'm not sure I follow the point. Encryption occurs
> > > when the data is destaged to the array group, and decrypted when
> you
> > > read it from the disk. There's no overhead to this . If you mean
> > > switching encryption on for existing array groups then yes there
> > > will be some
> > planning involved.
> >
> > I think you missed the point. Encryption does not prevent data from
> > being read, it does DELAY the moment when "hacker" will read the
> data.
> > If the dealy is measuer in centuries that's OK, but nowadays the are
> methods
> > to accelerate decryption (brute force) attacks i.e. using grid, cloud
> > or
> just
> > bunch of PC's, possibly using GPU ("VGA" card processors), possibly
> > using hacked machines without onwers awareness.
> >
> >
> >
> >
> >
> >
> > BTW: This is significant: few years ago nobody suggested (and
> offered)
> full
> > disk encryption inside dasd arrays, nobody was selling security
> > erasure features for those arrays, nobody was selling data erasure
> > programs operating at OS (MVS) level. However degaussers for tape
> > carts were around us even then.
> >
> > What was changed? Physics? No. Maybe with exception of SSD as new
> > media.
> > The issues addressed by the above means had existed for years. 15
> > years
> ago
> > it was also possible to play with bad sectors of disk coming from
> dasd
> array,
> > or preferrably with whole healthy tracks on such disk.
> >
> > What was changed?
> > IMHO two things: minor change in available tools for potential
> hackers
> > and major change in our minds. Changes driven by "horror stories"
> > presented in IT newspapers. Majority of them does not describe real
> attacks
> > but possibilities of such attacks. Considerations how many times
> > should
> the
> > track be overwritten with random data to erase residual vestiges of
> > data
> at
> > sides of the track...
> >
> > That remains me thesis from some movie - probably Bowling for
> > Columbine
> > - the number of violence acts decreased sligthly over the years, but
> > the percentage of report about those acts in the news increased 10
> times.
> > There are specialized TV teams "hunting" for accidents, fussilades,
> > bank robberies, madmen with guns, etc.
> >
> > Maybe it's the same in IT - the vulnerabilities remain unchanged for
> years,
> > but we talk about them much more. ;-)
> >
> >
> > --
> > Radoslaw Skorupka
> > Lodz, Poland
> >
> >
> >
> >
> >
> >
> > --
> > Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku
> > przeznaczone wycznie do uytku subowego adresata. Odbiorc moe
> > by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli
> > nie jeste adresatem niniejszej wiadomoci lub pracownikiem
> > upowanionym do jej przekazania adresatowi, informujemy, e jej
> > rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o
> > podobnym charakterze jest prawnie zabronione i moe by karalne.
> > Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie
> > zawiadomi nadawc wysyajc odpowied oraz trwale usun t
> wiadomo
> > wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.
> >
> > This e-mail may contain legally privileged information of the Bank
> and
> > is intended solely for business use of the addressee. This e-mail may
> > only be received by the addressee and may not be disclosed to any
> third parties.
> If
> > you are not the intended addressee of this e-mail or the employee
> > authorised to forward it to the addressee, be advised that any
> dissemination,
> > copying, distribution or any other similar activity is legally
> > prohibited
> and may
> > be punishable. If you received this e-mail by mistake please advise
> > the sender immediately by using the reply facility in your e-mail
> > software and delete permanently this e-mail including any copies of
> it
> > either printed
> or
> > saved to hard drive.
> >
> > BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00
> > 00,
> fax
> > +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl
> > Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego
> > Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP:
> > 526- 021-50-88.
> > Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w
> > caoci wpacony) wynosi 168.410.984 zotych.
> >
> >
> > ---------------------------------------------------------------------
> -
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN