Miles Nordin wrote:
> "djm" == Darren J Moffat <darr...@opensolaris.org> writes:
>
> >> encrypted blocks is much better, even though
> >> encrypted blocks may be subject to freeze-spray attack if the
> >> whole computer is compromised
>
> the idea of crypto deletion is to use many keys to encrypt the drive,
> and encrypt keys with other keys. When you want to delete something,
> forget the key that encrypted it.
Yes I know, remember I designed ZFS crypto and this is exactly one of
the use cases.
> djm> Much better for jurisdictions that allow for that, but not all
> djm> do. I know of at least one that wants even ciphertext blocks
> djm> to be overwritten.
>
> The appropriate answer depends on when they want it done, though. Do
> they want it done continuously while the machine is running whenever
> someone rm's something? Or is it about ``losing'' the data, about
> media containing encrypted blocks passing outside the campus, or just
> not knowing where something physically is at all times?
I'm not in a position to discuss this jurisdiction's requirements and
rationale on a public mailing list. All I'm saying is that data
destruction based only on key destruction/unavailability is not
considered enough in some cases.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
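The key-hierarchy scheme Miles describes above (many keys, keys wrapped by other keys, deletion by forgetting a key), worked through as an added example that is not part of this thread and not ZFS's own code: a toy two-level store in Go using AES-GCM from the standard library. Each block gets its own data key, which is stored next to the ciphertext wrapped under a dataset key held only in memory. Crypto-deleting one block zeroes its wrapped key; destroying the dataset key makes every block under it unreadable. The store deliberately leaves the ciphertext bytes in place so the example also shows Darren's point: after a crypto delete the encrypted blocks are still on the medium, which is exactly what some jurisdictions want overwritten as well. All names, the on-disk layout, and the sample records are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Block is one stored unit (constructed toy layout, not ZFS's on-disk format):
// the ciphertext stays on "disk" together with the per-block data key wrapped
// under the dataset key.
type Block struct {
	Ciphertext []byte // nonce || AES-GCM ciphertext of the user data
	WrappedKey []byte // nonce || AES-GCM ciphertext of the per-block data key
}

// Store models one dataset: a dataset key that exists only in memory and the
// blocks written under it.
type Store struct {
	datasetKey []byte // nil once forgotten
	blocks     map[string]*Block
}

// seal encrypts plaintext under key with a fresh random nonce (AES-256-GCM).
func seal(key, plaintext []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal; a zeroed or tampered input fails authentication.
func unseal(key, sealed []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("short ciphertext")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// NewStore generates a random 256-bit dataset key (the top of the hierarchy).
func NewStore() (*Store, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &Store{datasetKey: key, blocks: map[string]*Block{}}, nil
}

// Write encrypts data under a fresh per-block key and wraps that key under
// the dataset key, so the block is only recoverable through both keys.
func (s *Store) Write(name string, data []byte) error {
	if s.datasetKey == nil {
		return errors.New("dataset key has been destroyed")
	}
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return err
	}
	ct, err := seal(dataKey, data)
	if err != nil {
		return err
	}
	wk, err := seal(s.datasetKey, dataKey)
	if err != nil {
		return err
	}
	s.blocks[name] = &Block{Ciphertext: ct, WrappedKey: wk}
	return nil
}

// Read unwraps the block's data key with the dataset key, then decrypts.
func (s *Store) Read(name string) ([]byte, error) {
	b, ok := s.blocks[name]
	if !ok {
		return nil, errors.New("no such block")
	}
	if s.datasetKey == nil {
		return nil, errors.New("dataset key has been destroyed")
	}
	dataKey, err := unseal(s.datasetKey, b.WrappedKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return unseal(dataKey, b.Ciphertext)
}

// CryptoDelete forgets one block's key: the wrapped key is zeroed in place
// and the ciphertext is deliberately left on "disk".
func (s *Store) CryptoDelete(name string) {
	if b, ok := s.blocks[name]; ok {
		for i := range b.WrappedKey {
			b.WrappedKey[i] = 0
		}
	}
}

// DestroyDatasetKey forgets the key at the top of the hierarchy; every block
// under it becomes unreadable at once, even though no block was touched.
func (s *Store) DestroyDatasetKey() {
	for i := range s.datasetKey {
		s.datasetKey[i] = 0
	}
	s.datasetKey = nil
}

// CiphertextPresent reports whether the encrypted bytes still exist, which is
// what a jurisdiction demanding overwrite of ciphertext blocks cares about.
func (s *Store) CiphertextPresent(name string) bool {
	b, ok := s.blocks[name]
	return ok && len(b.Ciphertext) > 0
}

func main() {
	s, err := NewStore()
	if err != nil {
		panic(err)
	}
	// Constructed sample records.
	_ = s.Write("block-1", []byte("constructed sample record 1"))
	_ = s.Write("block-2", []byte("constructed sample record 2"))
	s.CryptoDelete("block-1")
	_, err = s.Read("block-1")
	fmt.Println("block-1 after crypto delete:", err,
		"| ciphertext still present:", s.CiphertextPresent("block-1"))
	p, _ := s.Read("block-2")
	fmt.Println("block-2 still readable:", string(p))
	s.DestroyDatasetKey()
	_, err = s.Read("block-2")
	fmt.Println("block-2 after dataset key destroyed:", err)
}
```

The two deletion paths differ in granularity only: forgetting a per-block key is the continuous "whenever someone rm's something" case, forgetting the dataset key is the bulk case for media leaving the campus. Neither touches the ciphertext, which is why `CiphertextPresent` keeps returning true after a crypto delete.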