R.S. wrote: >Well, two points: >1. Encryption means the data is still there, but you need a lot of time or >...just good luck to access it. So, when you dispose encrypted media then it's >very unlikely someone could read it, but when you dispose erased media then >you are sure. >2. LAS, BUT NOT LEAST: you assumed site's policies are reasonable. Security >people are reasonable. Bad assumption. There are so many cases proving the >opposite. As an example I've met lately: one has to degauss disk drives which >were never ever used for storing company data. Whole dasd box was never >attached to any host. However, in order to dispose the box, despite of common >sense, he has to remove every disk drive, degauss it, store it's serial number >in the protocol (as well as the vendor and type/model). Why? Policy!
1) Only in theory. Assuming strong encryption (TDES or better-hopefully better, nowadays), it's more likely that they'll guess what's on the disk than that they'll be able to decrypt it. http://www.youtube.com/watch?v=koJQQWHI-ZA for a good, intelligible discussion. Remember that when cryptographers assess attacks on crypto, they make lots of assumptions that help the attacker, like known plaintext/ciphertext pairs. This makes sense, as it means "In the worst case, algorithm x is y bits strong". But in the real world, such assumptions often don't apply, and so even relatively weak crypto can be de facto quite secure. So from a practical standpoint, "good luck" just isn't going to happen, at least not in this time-space continuum, nor is "a lot of time" going to suffice. The vastness of the keyspace alone makes that true: you're talking many, many times the heat-death of the universe, even with every computer on the planet working 24x7. Add in the requirement to recognize the decrypted data when you've found it, and it's even worse. A simple example: if I encrypt a ZIP file with DES (56 bit keystrength) and you believe it's a .doc file, you will cheerfully cruise right by the correct key, because you won't see the .doc signature you're expecting. If you're trying to decrypt an encrypted volume, maybe you can look for eyecatchers in the VTOC or something; but if not, the problem is orders of magnitude harder right off the base. 2) Not to pick a fight, but this doesn't strike me as that unreasonable. Seems cheaper to do the degaussing to all drives rather than trust internal records to be correct as to which volumes were used where: the cost of being wrong is less than the cost of the wasted effort. But sure, we can easily come up with cases where applying policy is even less plausible. Cheers, ...phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN