Re: summer of code - scrub feature

[David Holland <dholland-security%netbsd.org@localhost>]

On Tue, Mar 24, 2009 at 08:04:47AM -0400, Thor Lancelot Simon wrote:
 > > Sure, except encrypting the volume isn't equivalent. Cryptosystems
 > > have limited lifetimes. The bits on a discarded drive platter are,
 > > potentially, exposed indefinitely. For people who care about this
 > > stuff, making an adversary wait a dozen so years before a brute-force
 > > attack becomes feasible might or might not be an acceptable tradeoff.
 > 
 > A dozen years for a brute-force attack on AES?  You *are* pessimistic!

Yes, well, maybe it gets broken. Or, quantum computers or little green
men appear and make all our current cryptosystems obsolete. Or
whatever. You don't know, that's the point. And if one goes by what
appear to be the typical secrecy habits of governments, the timeframe
can potentially be a lot longer than a dozen years.

Encryption is a fine precaution; it doesn't mean that scrubbing isn't
worthwhile also.

-- 
David A. Holland
dholland%netbsd.org@localhost