I am a big fan of encryption and in particular FDE.
But I still tend to disagree on the approach using FDE to "destroy" no
longer used data on physical media. There are just too many variables
beyond ones control. Just to name a few:
- Will the encryption algorithm still be secure in 10, 30, 50, ?? years?
(Old data may still be valuable data.)
- Is the integration secure? (How do you make sure, that the data on the
platters - or in case of SSDs in the memory cells - really IS encrypted
the way you expect it?)
- Possible backdoors in the algorithm?
- Possible backdoors in the integration?
- Are the "lost keys" really lost? (Might depend on the integration
again and of course the sysadmin.)
I personally see it the other way round: physical destruction is the way
to go - FDE is bonus (e.g. for the "my disk got stolen" case).
If the data really is high profile, the "disk broke" case should be
handled with physical destruction and a new disk should be bought.
Greetz,
Mark
Am 04.12.2022 um 13:47 schrieb Jeroen Massar via swinog:
The real answer, net to using it for target practice, shredding and melting
down is much easier: Full Disk Encryption.
Just lose the encryption keys and the data is useless. If you then also do one
of the above for fun, just added bonus.
FDE helps for the "my disks got stolen" case, but also for the "disk broke"
case, and just letting a random remote hands person remove them: one does not have to trust that
they are destroyed properly, as nobody, but hopefully the sysadmins, have the FDE keys.
Of course, FDE does not help when the disk is online and one can SSH or
otherwise execute code on it, but that is a different problem.
Regards,
Jeroen
PS: Food for thought: what is worse, Financial Services or Advertising?
[and at least you are not scamming people with ponzi schemes, right...? :)
]
On 2 Dec 2022, at 15:51, Martin Ebnoether via swinog <swinog@lists.swinog.ch>
wrote:
Hi all.
As some of you know, I work at a money laund... financial
company. Some time ago, the question arose, how to effectively
destroy data safely and securely in an easy way?
How does your company deal with hard disks (or any media) that
needs to be decommissioned? Do you just dd a few times over it?
Or rather let a professional company shred your media to little
bits?
CU, Venty
--
10 PRINT "BASIC programmers don't die."
20 PRINT "They just GOSUB without RETURN."
30 END
READY.
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch
