On Fri, 2005-07-22 at 15:01 +0200, "Vincent DUVERNET (Nolmë Informatique)" wrote: > every body speaks about hardware & the best way for datas to be > unrecoverable. > Where states can use eletron microcope or other great machines, data > encryption like EFS is another way to reinforce security no ? If you don't want someone to be able to read your data, the best choice is to encrypt it before it reaches the storage medium. Then destroy the platters or wipe them or whatever feel good plan you have. Something like loop-aes in linux or gbde in freebsd does that on the software side (loop-aes even does in memory encryption key scrubbing [1]). If you want something kept secret, loop-aes and gbde are your best bets for offline security even before you've tried to destroy the data. Sometimes you don't get a chance to destroy your cache of drives in the closet before someone gets them. It's obviously a choice about the threat model. With laptops it seems like an obvious choice. Sometimes the performance hit isn't worth it but for mobile devices and other high theft devices, it seems like unless your data is worthless, you should encrypt it. [1]: "Loop encryption key scrubbing moves and inverts key bits in kernel RAM so that the thin oxide which forms the storage capacitor dielectric of DRAM cells is not permitted to develop detectable property." -- Jake Appelbaum <jacob@xxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part