On 7 October 2011 09:19, Benjie Gillam <benjie@???> wrote:
> On 7 Oct 2011, at 09:05, James Courtier-Dutton wrote:
>
> If you really have to erase all trace of the data, you should really
> have thought about that before writing it to the HD.
> Normal practice now is to use whole disk encryption.
> Then, to erase the whole disk, just erase the key.
>
> That's a valid solution, but not a hugely secure one: since the layout of
> the filesystem is quite predictable in places you can use this knowledge of
> the crypted data to help you break the encryption, the only requirement is
> time. Other weaknesses include key backups and weak passwords. There's also
> high resource attack methods round the corner such as quantum computers
> which should be able to decrypt most encryption very quickly. Or even GPU
> farms which are easily rentable on Amazon's EC2 by the hour, here's some
> software you might use to break the encryption using these:
> http://www.elcomsoft.com/edpr.html
> Personally, I'd "dd if=/dev/urandom of=/dev/sda" even though I have full
> disk encryption enabled, you never know what's round the corner. If I was
> really concerned then I'd use shred (or DBAN).
True on some points. The trick is to choose the right encryption algorithm.
Of the encryption algorithms in the Linux kernel, does anyone know how
they score, on a easy to hard to crack scale?
--
Please post to: Hampshire@???
Web Interface:
https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL:
http://www.hantslug.org.uk
--------------------------------------------------------------
