> A regulatory question: What if one ran high quality encryption on top of
> the raided disks or rebalancing LVM devices. It seems that should make the
> regulations happy. Would that work?

The issue is can someone UNDELETE a file you've shred'ed or whatever if they really really want to. As in have the resources of a hostile government sponsored espionage agency or commercial competitor or organized crime syndicate.

SHRED(1G) is enough for use on an easy to trash 1980's filesystem, if you have enough flags to make life difficult for your adversary. (You need several flags if they have a scanning force microscope of appropriate form and several months.)

For a resilient, no-fsck-needed modern filesystem, or a RAID, shred(1g) and friends don't have deep enough hooks to find and GUARANTEE multiply re-write, not just free, all the redundant bits. (It MIGHT rewrite all the bits of both copies in a RAID1, but they don't guarantee it?)

For merely regulatory compliance, where good faith "best commercial practices" may be a defence against liability, it *might* be sufficient if you destroy the keys and free the storage.

If you really want to be sure no one gets the data, you also need to REALLY really know you destroyed the keys, all copies of the keys, any temp files' free blocks that might hold bits of key. Same problem though on a smaller file.

In JABR's case, he's not protecting HIS regulatory compliance, he's protecting his CUSTOMER's compliance, so needs to match THEIR paranoia and risk level.

--
Bill
[hidden email] [hidden email]
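The argument in the message above, as an added example that is not part of the original post: a toy copy-on-write block store (the hypothetical `CowStore`) shows a shred-style overwrite leaving the old block on the medium, and the same stale block being unreadable once an encryption key is destroyed. The SHAKE-256 keystream is a constructed stand-in for a real disk cipher, and all names and sample data are assumptions.

```python
import hashlib
import os

class CowStore:
    """Toy medium where a rewrite lands in a fresh block and the old one is only freed."""
    def __init__(self):
        self.blocks = []   # raw medium: what a forensic read of the device sees
        self.files = {}    # file name -> index of its live block

    def write(self, name, data):
        self.blocks.append(bytes(data))
        self.files[name] = len(self.blocks) - 1

    def read(self, name):
        return self.blocks[self.files[name]]

    def raw_scan(self, needle):
        return any(needle in block for block in self.blocks)

def shred(store, name, passes=3):
    """Overwrite through the file API, then unlink, as a userspace tool would."""
    size = len(store.read(name))
    for _ in range(passes):
        store.write(name, os.urandom(size))
    del store.files[name]

def keystream_xor(key, nonce, data):
    # Stand-in for a real disk cipher; XOR is its own inverse.
    stream = hashlib.shake_256(bytes(key) + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

SECRET = b"customer record 4711 (constructed sample data)"

def shred_plaintext():
    store = CowStore()
    store.write("f", SECRET)
    shred(store, "f")
    return store.raw_scan(SECRET)           # stale plaintext block survives

def crypto_erase():
    store = CowStore()
    key, nonce = bytearray(os.urandom(32)), os.urandom(16)
    store.write("f", keystream_xor(key, nonce, SECRET))
    shred(store, "f")
    stale = store.blocks[0]                 # the block shred never touched
    with_key = keystream_xor(key, nonce, stale) == SECRET
    key[:] = bytes(len(key))                # destroys only THIS copy of the key
    after = keystream_xor(key, nonce, stale) == SECRET
    return store.raw_scan(SECRET), with_key, after
```

The `with_key` result is the caveat from the message: the stale ciphertext is exactly as recoverable as any surviving copy of the key.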