On Thu, Nov 29, 2001 at 01:36:35PM -0500, Everhart, Glenn (FUSA) wrote: > If I am right that these things really aren't out there much > (apart from the cryptodisk) it implies that the often-recommended > approach of pulling the plug on the disk is exactly the wrong > thing to do. Ah, just because it isn't for sale, or on sourceforge, doesn't mean it doesn't exist. I would expect a resourceful programmer could put this functionality into the kernel of any freely available Unix-like system pretty easily, for use on all system files. Of course, if one wanted to do something similar as a user program, that too is possible, but won't be transparent to their applications. A resourceful organization could easily hire this work done. > I would be most interested to see if anybody in > the real world actually has a data destroying daemon ready to > run at a keystroke. Ah, I don't know of general purpose computers that do this, but the IBM 4758 crypto co-processor can zeroize its memory under dozens of attack conditions. Lesser computers do this too, e.g., dallas semi's jbuttons. FIPS 140 provides guidelines and a certification levels that hardware vendors can use with their products. > Seens hard to imagine trusting records on > such a box. If then you figure to encrypt rather than > destroy data, isn't it simpler to have it encrypted all the > time on disk in the first place? Just encrypting the data (rather than having methods to outright destroy the data) requires some faith that the encryption methods won't be broken, that the key won't be recovered (either directly or through analysis of encrypted data blocks on disk), and that the encryption was used in such a fashion that the useage won't be the weak point. Destroying the data requires faith that the disk won't be given to Peter Gutmann for analysis. :) Combining both, of course, is a pretty decent booby trap. :) > By now surely criminals informed enough to think about booby traps > can figure the foregoing out. Probably. Or, they can just get the info from FIPS documents. :) -- People who separate manpages from the programs they document would steal sheep. -- apologies to Goudy ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 03:22:01 PST