Secure Erasing is actually harder than that...
Ray Dillinger
bear at sonic.net
Thu Feb 22 11:14:25 PST 2001
On Thu, 22 Feb 2001, Sampo Syreeni wrote:
>On Tue, 20 Feb 2001, Ray Dillinger wrote:
>
>>We need editors that don't put cleartext on the disk when you
>>hit the "save" command.
>
>Why not simply use encrypted hard drives? Make the driver forget key
>material in a fixed period of keyboard inactivity? This would be a helluva
>lot easier than making secure versions of every existing application out
>there...
The problem with an encrypted drive is that the applications that
are able to write it have got to do key management, and all of
those existing applications were written with the assumption that
they didn't have to do key management.
There are various workarounds, but that's what they are - workarounds.
If your application can read and write an encrypted drive without
specifically providing the keys, then a trojan on your system can
read and write an encrypted drive without specifically providing
the keys.
These workarounds can only work by "hiding" key management from
the application, and thus from the user - which means key
management gets done badly if at all. Good crypto can't be
tacked on - it has to be designed in.
Another problem with an encrypted drive is that an encrypted drive is
infrastructure that someone is likely to not have in place when they
first discover a real need to encrypt.
Don't get me wrong -- I believe in encrypted drives. They provide
a "mix" so you can't tell which bit was written by what application,
and that's a valuable service. But there are limits to what they
can do or should be relied on to do. Applications that write to
(and more importantly, which read from) the encrypted drive should
themselves be crypto-aware and do proper key management.
Bear
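The two designs the post contrasts, as an added illustration that is not code from the thread or from either poster: a transparently encrypted volume whose driver holds the key, so any process that can open the path reads plaintext without ever presenting a key, beside an editor that does its own key management, writes only ciphertext on "save", and forgets the key after a period of inactivity. The class and function names, the in-memory dictionary standing in for the disk, the sample document and the paths are all assumptions; the stream cipher built from HMAC-SHA256 in counter mode is a stand-in for a real authenticated cipher only because the Python standard library ships no AES.

```python
"""Transparent volume versus crypto-aware application (added example)."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # work factor; assumed value
DISK = {}  # stand-in for the filesystem: path -> bytes actually on the platter


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Turn a passphrase into a 32-byte key; the salt is kept with the data."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a placeholder for a vetted AEAD cipher.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class TransparentVolume:
    """The driver holds the key, so callers never present one: any process
    that can open the path (a trojan included) gets plaintext back."""
    def __init__(self, volume_key: bytes):
        self._key = volume_key

    def write(self, path: str, data: bytes) -> None:
        DISK[path] = seal(self._key, data)

    def read(self, path: str) -> bytes:
        return unseal(self._key, DISK[path])


class CryptoAwareEditor:
    """The application derives, holds and forgets its own key."""
    def __init__(self, passphrase: str, idle_seconds: float = 300.0):
        self._salt = os.urandom(16)
        self._key = derive_key(passphrase, self._salt)
        self._idle_seconds = idle_seconds
        self._last_activity = 0.0  # clock is passed in by the caller (deterministic)

    def touch(self, now: float) -> None:
        self._last_activity = now

    def expire_if_idle(self, now: float) -> bool:
        """Drop key material after the inactivity window; True if now locked."""
        if self._key is not None and now - self._last_activity >= self._idle_seconds:
            self._key = None
        return self._key is None

    def unlock(self, passphrase: str, now: float) -> None:
        self._key = derive_key(passphrase, self._salt)
        self.touch(now)

    def _require_key(self) -> bytes:
        if self._key is None:
            raise PermissionError("key material forgotten; unlock with the passphrase")
        return self._key

    def save(self, path: str, text: str, now: float) -> None:
        key = self._require_key()
        self.touch(now)
        DISK[path] = self._salt + seal(key, text.encode("utf-8"))  # no cleartext hits disk

    def load(self, path: str, now: float) -> str:
        key = self._require_key()
        self.touch(now)
        return unseal(key, DISK[path][16:]).decode("utf-8")


def demo() -> dict:
    """Run both designs over a constructed sample document and report what happened."""
    secret = "meeting notes: the merger closes Friday"  # constructed sample text
    vol = TransparentVolume(os.urandom(32))
    vol.write("/mnt/enc/notes.txt", secret.encode("utf-8"))  # assumed mount path
    transparent_read = vol.read("/mnt/enc/notes.txt").decode("utf-8")  # no key presented

    ed = CryptoAwareEditor("correct horse battery staple", idle_seconds=300.0)
    ed.save("/home/bear/notes.enc", secret, now=1.0)  # assumed path
    reloaded = ed.load("/home/bear/notes.enc", now=2.0)
    expired = ed.expire_if_idle(now=400.0)  # 398 s idle >= 300 s window
    try:
        ed.load("/home/bear/notes.enc", now=401.0)
        locked_out = False
    except PermissionError:
        locked_out = True
    ed.unlock("correct horse battery staple", now=402.0)
    return {
        "transparent_volume_leaks_plaintext": transparent_read == secret,
        "editor_file_contains_cleartext": secret.encode("utf-8") in DISK["/home/bear/notes.enc"],
        "editor_round_trip_ok": reloaded == secret,
        "key_forgotten_when_idle": expired,
        "load_refused_without_key": locked_out,
        "load_after_unlock": ed.load("/home/bear/notes.enc", now=403.0) == secret,
    }
```

The point the code makes is the one in the post: `TransparentVolume.read` succeeds for whoever can call it, because the key lives in the driver rather than with the caller, whereas `CryptoAwareEditor` must hold a key derived from something the user supplied, and once `expire_if_idle` has discarded it, no amount of file access yields the document until `unlock` runs again.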