Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Encryption as a accepted mean of sanitization

From: Alexander Klimov <alserkli () inbox ru>
Date: Thu, 5 Oct 2006 12:28:12 +0200 (IST)
Hi.

On Tue, 3 Oct 2006, Saqib Ali wrote:

I completely understand this. However my question was about NIST.

Does NIST now recognize one-way encryption of the HDD as a possible
mean to destruct the Data???


Obviously, leaving encrypted data on HDD is no more insecure than
sending encrypted data thru an open channel. This is the original
purpose of cryptography -- if your crypto is not good enough for this
why you use it at all?

Unfortunately, NIST cannot simply say the opposite (if the data was
always encrypted you do not need to destroy the medium), because this
must be accompanied by correct key-management. For example, if the key
is derived from on-disk data and a weak password -- it is easily
crackable.

-- 
Regards,
ASK

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: