Re: Somewhat OT, encryption question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 11/26/2014 04:58 PM, Bill Oliver wrote:

On Wed, 26 Nov 2014, Joe Zeff wrote:


On 11/26/2014 12:47 PM, Bill Oliver wrote:

 Now let's say that flash drive is stolen, lost, etc. *and* the
 passphrase is compromised.  I want the data on the flash drive to be
 available *only on one computer* even if the passphrase is known.


What happens when (not if) some piece of hardware dies without warning?
Then I'd rely on decrypted backups, which are stored under physical lock and key. Or, if necessary, I'd simply go back to the client and get the data again. I do that a lot with paper files, since I burn them when my consultation is finished. Occasionally, the client will come back for more help, and I'll have them resend the information. My problem is *not* loss of data. It's security.
Since I do investigative work and litigation support involving violent deaths occurring in multiple countries, including evaluation of possible human rights abuses and assassinations (though most of what I do is much more mundane), I have *boxes* of confidential material in a safe in my home. For example, one of my coworkers recently returned from Gaza, looking at deaths of children there. As you might expect, the information and imagery she brought back might be inflammatory, and until the final report is released, there are significant issues with data security. But the fact is that she can lose her working copies of stuff because the archival copies are in a secure place.
If someone is willing to break into some place and dynamite a safe, then that's the breaks. However, I also have the problem of folk constantly attempting to gain access to materials electronically. More recently, I lost a flash drive that had sensitive data on it. While the drive is encrypted, and I believe that it was "really" lost, not picked up, I'm not overly concerned. But that started me thinking about trying to fix it so that even if someone had my passphrase, they could still only open it on my secured computer.
You need to look into serious professional security software. THERE are such things used by ngos that are as safe as anything can be from backdoors. Check out Bruce Scheiner's site for recommendations, for example. Go with something that needs a token to decrypt; "something you know and something you have" is what we say.
I work days in secure communications. I do not do secure data, or only some limited cases, so I would have to do some digging myself. 


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux