Security Basics mailing list archives
Re: Encryption as a accepted mean of sanitization
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Tue, 3 Oct 2006 10:15:13 -0700
Hi Connie, I completely understand this. However my question was about NIST. Does NIST now recognize one-way encryption of the HDD as a possible mean to destruct the Data??? On 10/3/06, Sadler, Connie <Connie_Sadler () brown edu> wrote:
Sanitization ensures the data is *gone*. Encryption simply ensures that the data is inaccessible until such a time that it can be cracked (could be 2 years, could be 20 years) - but the data is still there - and potentially crackable. Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC IT Security Officer Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu Office: 401-863-7266 -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Saqib Ali Sent: Tuesday, October 03, 2006 11:23 AM To: fde () www xml-dev com; security-basics Subject: Re: Encryption as a accepted mean of sanitization The reason I ask this question is because there is a debate going on @ Wikipedia on this topic between user:maxt and user:tngr (don't know who they are). See: 1) http://en.wikipedia.org/wiki/Talk:Full_disk_encryption ; and 2) http://en.wikipedia.org/wiki/FDE IT would be nice to have some clarity on this topic. On 10/2/06, Saqib Ali <docbook.xml () gmail com> wrote: > Hello All, > > NIST recently DELETED the following paragraph from the Special > Publication 800-88 ( > http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pd > f > ): > > "Encryption is not a generally accepted means of sanitization. The > increasing power of computers decreases the time needed to crack > cipher text and therefore the inability to recover the encrypted data > can not be assured." > > Does that mean that NIST now accepts encryption a mean to sanitize a HDD? > -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ----------- ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ ---
-- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ----------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Encryption as a accepted mean of sanitization Saqib Ali (Oct 03)
- Re: Encryption as a accepted mean of sanitization Saqib Ali (Oct 03)
- RE: Encryption as a accepted mean of sanitization Sadler, Connie (Oct 03)
- Re: Encryption as a accepted mean of sanitization Saqib Ali (Oct 03)
- Re: Encryption as a accepted mean of sanitization Alexander Klimov (Oct 05)
- RE: Encryption as a accepted mean of sanitization Sadler, Connie (Oct 03)
- Re: Encryption as a accepted mean of sanitization Saqib Ali (Oct 03)
- <Possible follow-ups>
- Re: Encryption as a accepted mean of sanitization dj . technocrat . listmail (Oct 04)