How would you do that ...

vedaal at nym.hush.com
Tue May 4 23:46:31 CEST 2021


Or, for the really paranoid ;-) you can have random data on a read-only
mini CD-ROM, and use it as an OTP, and throw it into a garbage
incinerator afterwards.
If you are up against adversaries where this is necessary, this method
may ultimately not help ...
=====

On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:
On Tuesday, 4 May 2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote:
> For modern SSDs I generally recommend a single pass with random data:
> 
> dd if=/dev/urandom of=/dev/foo bs=1M
> 
> (Don't forget the blocksize [bs] parameter; it can improve speed
> significantly.)
> 
> This is enough to foil the vast majority of forensic analysis.  Yes,
> yes, SSDs have remapping capabilities which means certain memory cells
> won't get hit even if you do this, and it's theoretically possible for a
> good forensics nerd to do all kinds of wild magic to pull off data you
> didn't even know was there... but that kind of very high-level forensics
> nerdery costs a lot of money, and few people are worth that kind of
> investment.

I'd always use full disk encryption, ideally with the key stored on a USB
token. Otherwise, with a very good passphrase.

And, after use, wipe the disk and destroy the token.

Modern enterprise-level SSDs also have secure erase, but, of course, you'd
have to trust the hardware manufacturer to implement it properly without any
backdoors, which you probably don't want to do in the above scenario.

Regards,
Ingo
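The single random pass Robert recommends, rehearsed on a small file-backed image so the before/after difference can be checked; this is an added example, not code from the thread, and the image path, size and marker are constructed stand-ins. As the comments note, a clean result on the logical address space says nothing about the remapped SSD cells the quoted message warns about.

```shell
#!/bin/sh
# Added example, not from the thread: rehearse the one-pass random overwrite
# on a small file-backed image and check that a known plaintext marker is
# gone afterwards. The image path, size and marker are constructed here;
# on a real device, of= would be the block device (e.g. /dev/foo).
set -eu

IMG="${IMG:-/tmp/wipe-demo.img}"      # constructed stand-in for the device
MIB=4                                 # image size in MiB
MARKER='CONSTRUCTED-MARKER-42'        # stands in for data that must not survive

# make_image: zero-filled image with a recognisable marker 1 MiB in.
make_image() {
    dd if=/dev/zero of="$IMG" bs=1M count="$MIB" 2>/dev/null
    printf '%s' "$MARKER" | dd of="$IMG" bs=1 seek=1048576 conv=notrunc 2>/dev/null
}

# wipe_image: the single random pass with bs=1M from the quoted advice.
# count= and conv=notrunc only keep the demo inside the file; omit them on a
# block device so dd runs until the device reports no more space.
wipe_image() {
    dd if=/dev/urandom of="$IMG" bs=1M count="$MIB" conv=notrunc 2>/dev/null
}

# marker_present: exit 0 if the plaintext marker can still be found.
marker_present() {
    grep -qa "$MARKER" "$IMG"
}

# distinct_bytes: how many distinct byte values occur in the first 64 KiB.
# All-zero data gives 1; random data gives 256 with overwhelming probability.
distinct_bytes() {
    head -c 65536 "$IMG" | od -An -v -tu1 | tr -s ' ' '\n' |
        grep -v '^$' | sort -un | wc -l | tr -d ' '
}

# The rehearsal. Note what it cannot show: on an SSD, remapped or
# over-provisioned cells never appear in the device's logical address space,
# so a clean result here says nothing about those cells.
make_image
echo "before wipe: marker found=$(marker_present && echo yes || echo no)" \
     "distinct bytes=$(distinct_bytes)"
wipe_image
echo "after wipe:  marker found=$(marker_present && echo yes || echo no)" \
     "distinct bytes=$(distinct_bytes)"
```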