Re: Encryption as a accepted mean of sanitization

["Saqib Ali" <docbook.xml () gmail com>]

Hi Connie,

I completely understand this. However my question was about NIST.

Does NIST now recognize one-way encryption of the HDD as a possible
mean to destruct the Data???

On 10/3/06, Sadler, Connie <Connie_Sadler () brown edu> wrote:
> Sanitization ensures the data is *gone*. Encryption simply ensures that
> the data is inaccessible until such a time that it can be cracked (could
> be 2 years, could be 20 years) - but the data is still there - and
> potentially crackable.
>
> Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
> IT Security Officer
> Brown University Box 1885, Providence, RI 02912
> Connie_Sadler () Brown edu
> Office: 401-863-7266
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Saqib Ali
> Sent: Tuesday, October 03, 2006 11:23 AM
> To: fde () www xml-dev com; security-basics
> Subject: Re: Encryption as a accepted mean of sanitization
>
> The reason I ask this question is because there is a debate going on @
> Wikipedia on this topic between user:maxt and user:tngr (don't know who
> they are).
>
> See:
> 1) http://en.wikipedia.org/wiki/Talk:Full_disk_encryption ; and
> 2) http://en.wikipedia.org/wiki/FDE
>
> IT would be nice to have some clarity on this topic.
>
>
>
> On 10/2/06, Saqib Ali <docbook.xml () gmail com> wrote:
> > Hello All,
> >
> > NIST recently DELETED the following paragraph from the Special
> > Publication 800-88 (
> > http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pd
> > f
> > ):
> >
> > "Encryption is not a generally accepted means of sanitization. The
> > increasing power of computers decreases the time needed to crack
> > cipher text and therefore the inability to recover the encrypted data
> > can not be assured."
> >
> > Does that mean that NIST now accepts encryption a mean to sanitize a
> HDD?
> >
>
>
> --
> Saqib Ali, CISSP, ISSAP
> Support http://www.capital-punishment.net
> -----------
> "I fear, if I rebel against my Lord, the retribution of an Awful Day
> (The Day of Resurrection)" Al-Quran 6:15
> -----------
>
> ------------------------------------------------------------------------
> ---
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
> designated Norwich University a center of Academic Excellence in
> Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting
> experience.
> Using interactive e-Learning technology, you can earn this esteemed
> degree, without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ------------------------------------------------------------------------
> ---


--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------