Securely delete files...

Chris Walters cwal989 at comcast.net
Thu Aug 21 03:30:22 CEST 2008


Michel Messerschmidt wrote:
> There is also the possibility to use encryption for *all* data on a
> harddisk. If the key is stored somewhere else (e.g. in your mind or on 
> another disk), this may prevent data recovery on a similar level.

Let's not confuse a *key* and a *passphrase*.  This discussion came up on the
Gentoo user forum not too long ago.  If you just have a key and you store it on
another disk (or flash drive, etc.), it would be possible for someone with
access to you, your home, and your computer to find the key and decrypt the
data.  It would be a tad hard to memorize a key or set of them - if they are
good, they are random.

Passphrases are the most insecure form of data encryption.  It *has* to either
be something you can remember, or it has to be stored somewhere.  Weak
passphrases mean that your data can be decrypted with more simple attacks
against your passphrase.  Even it is is strong, and can not conceivably be
cracked in, say 50 years, certain entities have methods of getting you to give
them the passphrase.

Oh, and one more thing.  If you encrypt your whole disk, you will need
something like a boot CD to be able to decrypt your drive and use it.

Regards,
Chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20080820/fde1f705/attachment-0001.pgp>


More information about the Gnupg-users mailing list