Wolber, Richard C wrote:
On Wednesday, November 01, 2006 8:17 AM Andreas Dilger Wrote:
Did anyone discuss doing this with crypto instead of actually
overwriting the whole file? It would be pretty easy to store
a per-file crypto key in each inode as an EA, then to
"delete" the file all that would be needed would be to erase
the key in a secure matter (which is a great deal easier
because inodes don't move around on disk).
If it's cheap to delete the keys, it's also cheap to harvest
the keys. A per file crypto-key lowers the barrier to entry.
That's true. But can't we combine the advantages of single-secure-key
and per-file krypto key ?
Can't we have a half single-secure-key combined with half
per-file-krypto ? Key management overhead is not
worse than that for single-secure-key. This gives offers same security
with ease for shredding.
Cheers,
Rupesh
This is Schneier 101.
..Chuck..
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
