
Re: storage privacy (was: Nice quiet, private, anonymous life??)



No problem, I accept your and others' assertions that a homemade
magnetic device won't work.
It occurs to me that in any case where even one operator knows or has
possession/knowledge of the keys or backups, that information could
still be gained through torture/coercion in rare cases where the
information affects "national security" or the guys wanting it are
mean SOBs.


On Wed, 5 Dec 2007 16:28:18 -0800, "coderman" <coderman@xxxxxxxxx> said:
> On Dec 5, 2007 4:05 PM,  <mark485anderson@xxxxxx> wrote:
> > ... Have you actually tested using a magnetic field for this ...
> 
> despite the rudeness of some of this thread, it really is difficult to
> properly clear / purge data from a modern hard disk using a magnetic
> field.  we do this at work, and the device is a large box with loud
> fans.  you must wear heat resistant glove(s) to hold the hard drive
> over the unit for 60+ seconds.  it gets quite hot (see inductive
> smelting, etc).
> 
> arranging such a unit inside a case would be difficult, dangerous, and
> probably not as effective as you think.
> 
> see http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
> 
> this is why full disk encryption is preferable.  it is much quicker
> and safer to securely purge or destroy the disk keys (small) than the
> whole disk itself (large, time consuming).
> 
> there are many ways to configure authentication/authorization for
> encrypted disk access, including multi-factor passphrase, token, even
> biometric.  maybe you leave the keys on disk for headless boot and
> only want the ability to securely wipe them if needed.
> 
> last note, the loop-aes module supports key scrubbing in memory, so
> that even ram cannot be inspected for usable disk encryption keys that
> could remain after power down. (some other volume encryption methods
> may also support this, however, loop-aes is the only one i've used
> that does so.)
> 
> best regards,
-- 
  
  mark485anderson@xxxxxx

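The key-versus-disk point from the quoted reply, and the effect of a surviving backup raised above it, as an added example (not code from either poster or from loop-aes): a random master key encrypts the volume, a small header holds that key wrapped under the passphrase, and purging overwrites only the header. The function names, the 80-byte header layout and the SHA-256 counter-mode keystream are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib, hmac, os

SALT, KEY, TAG = 16, 32, 32
HEADER_LEN = SALT + KEY + TAG  # 80-byte header vs. a body of any size

def _keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode), an assumption made to stay
    # stdlib-only; a real volume would use a vetted cipher such as AES-XTS.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + label + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _derive(passphrase: str, salt: bytes):
    # Passphrase -> separate wrapping and MAC keys.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def format_volume(passphrase: str, plaintext: bytes):
    """Return (header, body): the header holds the wrapped master key."""
    master, salt = os.urandom(KEY), os.urandom(SALT)
    wrap_key, mac_key = _derive(passphrase, salt)
    wrapped = _keystream_xor(wrap_key, b"wrap", master)
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return bytearray(salt + wrapped + tag), _keystream_xor(master, b"data", plaintext)

def open_volume(passphrase: str, header, body: bytes):
    """Return the plaintext, or None if the header does not verify."""
    salt, wrapped, tag = (bytes(header[:SALT]), bytes(header[SALT:SALT + KEY]),
                          bytes(header[SALT + KEY:HEADER_LEN]))
    wrap_key, mac_key = _derive(passphrase, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, wrapped, hashlib.sha256).digest()):
        return None
    master = _keystream_xor(wrap_key, b"wrap", wrapped)
    return _keystream_xor(master, b"data", body)

def purge_keys(header: bytearray) -> None:
    # Overwrite only the small header in place. On flash media an in-place
    # overwrite may not reach the old physical cells; this models the logic only.
    header[:] = os.urandom(len(header))

if __name__ == "__main__":
    data = b"constructed sample record\n" * 4000   # constructed sample input
    header, body = format_volume("example passphrase", data)
    backup = bytes(header)                          # a header backup kept elsewhere
    purge_keys(header)
    print(len(header), "header bytes purged;", len(body), "body bytes untouched")
    print("after purge:", open_volume("example passphrase", header, body))
    print("with backup:", open_volume("example passphrase", backup, body) == data)
```

After the purge the correct passphrase no longer opens the volume, while any retained copy of the header still does, so header backups need the same protection and the same purge as the live header.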