|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: David Holland (dholland-security
netbsd.org)
Date: Tue Mar 24 2009 - 06:21:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sun, Mar 22, 2009 at 10:33:37PM -0400, Thor Lancelot Simon wrote:
> [...] and it goes nowhere to address my basic point,
> which is that causing extra disk writes -- much less the painstakingly
> flushed multiple overwrites that, for example, rm -P does -- today, is
> much, much more expensive than just encrypting the entire volume and
> being done with it.
Sure, except encrypting the volume isn't equivalent. Cryptosystems
have limited lifetimes. The bits on a discarded drive platter are,
potentially, exposed indefinitely. For people who care about this
stuff, making an adversary wait a dozen so years before a brute-force
attack becomes feasible might or might not be an acceptable tradeoff.
--
David A. Holland
dhollandnetbsd.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]