From: David Holland (dholland-securitynetbsd.org)
Date: Tue Mar 24 2009 - 06:21:34 CDT
On Sun, Mar 22, 2009 at 10:33:37PM -0400, Thor Lancelot Simon wrote:
> [...] and it goes nowhere to address my basic point,
> which is that causing extra disk writes -- much less the painstakingly
> flushed multiple overwrites that, for example, rm -P does -- today, is
> much, much more expensive than just encrypting the entire volume and
> being done with it.
Sure, except encrypting the volume isn't equivalent. Cryptosystems
have limited lifetimes. The bits on a discarded drive platter are,
potentially, exposed indefinitely. For people who care about this
stuff, making an adversary wait a dozen or so years before a brute-force
attack becomes feasible might or might not be an acceptable tradeoff.
David A. Holland