Re: [Hampshire] Data Destruction

Author: Benjie Gillam
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Data Destruction
On 7 Oct 2011, at 09:05, James Courtier-Dutton wrote:
>
> If you really have to erase all trace of the data, you should really
> have thought about that before writing it to the HD.
> Normal practice now is to use whole disk encryption.
> Then, to erase the whole disk, just erase the key.



That's a valid solution, but not a hugely secure one: since the layout of the filesystem is quite predictable in places, you can use this knowledge of the crypted data to help you break the encryption; the only requirement is time. Other weaknesses include key backups and weak passwords. There are also high-resource attack methods round the corner, such as quantum computers, which should be able to decrypt most encryption very quickly. Or even GPU farms, which are easily rentable on Amazon's EC2 by the hour. Here's some software you might use to break the encryption using these:
http://www.elcomsoft.com/edpr.html

Personally, I'd "dd if=/dev/urandom of=/dev/sda" even though I have full disk encryption enabled; you never know what's round the corner. If I was really concerned then I'd use shred (or DBAN).
--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
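
The random overwrite mentioned in the message above, followed by a read-back check, as an added example that is not part of the original post. It works only on a file-backed image, never a real device; the marker string, block size, and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: overwrite-and-verify on a file-backed image.
# MARKER is a constructed sample value standing in for sensitive data.
MARKER="CONSTRUCTED-SECRET-0123456789"

# Build a 1 MiB image of zeros with the marker planted at three offsets.
make_image() {
    img=$1
    dd if=/dev/zero of="$img" bs=4096 count=256 2>/dev/null
    for off in 0 500000 1048000; do
        printf '%s' "$MARKER" | dd of="$img" bs=1 seek="$off" conv=notrunc 2>/dev/null
    done
}

# Count marker occurrences: -a reads binary as text, -o emits one line per match.
count_marker() {
    grep -a -o -F -e "$MARKER" "$1" | wc -l | tr -d ' '
}

# Overwrite every 4 KiB block in place with random data, then flush.
# conv=notrunc keeps the image size fixed, as a block device's size would be.
overwrite_image() {
    img=$1
    blocks=$(( $(wc -c < "$img") / 4096 ))
    dd if=/dev/urandom of="$img" bs=4096 count="$blocks" conv=notrunc 2>/dev/null
    sync
}

# Succeeds only if the size is unchanged and no marker can be read back.
wipe_and_verify() {
    img=$1
    before=$(wc -c < "$img" | tr -d ' ')
    overwrite_image "$img"
    after=$(wc -c < "$img" | tr -d ' ')
    [ "$before" = "$after" ] && [ "$(count_marker "$img")" = "0" ]
}

# Usage: sh wipe_check.sh demo
if [ "${1:-}" = "demo" ]; then
    img=$(mktemp)
    make_image "$img"
    echo "markers before overwrite: $(count_marker "$img")"
    if wipe_and_verify "$img"; then echo "verified: no marker left"; else echo "FAILED"; fi
    rm -f "$img"
fi
```

A read-back check only covers logically addressable blocks; remapped sectors and SSD spare areas are outside what it can see.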