Security Basics mailing list archives
RE: Encryption as a accepted mean of sanitization
From: "Sadler, Connie" <Connie_Sadler () brown edu>
Date: Tue, 3 Oct 2006 13:08:48 -0400
Sanitization ensures the data is *gone*. Encryption simply ensures that the data is inaccessible until such a time that it can be cracked (could be 2 years, could be 20 years) - but the data is still there - and potentially crackable.

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
IT Security Officer
Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Saqib Ali
Sent: Tuesday, October 03, 2006 11:23 AM
To: fde () www xml-dev com; security-basics
Subject: Re: Encryption as a accepted mean of sanitization

The reason I ask this question is because there is a debate going on @ Wikipedia on this topic between user:maxt and user:tngr (don't know who they are). See:
1) http://en.wikipedia.org/wiki/Talk:Full_disk_encryption ; and
2) http://en.wikipedia.org/wiki/FDE

It would be nice to have some clarity on this topic.

On 10/2/06, Saqib Ali <docbook.xml () gmail com> wrote:
Hello All,

NIST recently DELETED the following paragraph from the Special Publication 800-88 ( http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf ):

"Encryption is not a generally accepted means of sanitization. The increasing power of computers decreases the time needed to crack cipher text and therefore the inability to recover the encrypted data can not be assured."

Does that mean that NIST now accepts encryption as a means to sanitize an HDD?
--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15
-----------

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------