(Changing the subject line to reflect topic drift).

That's not bad (make the decryption dependent on accessibility of the entire
file), nice as a design idea.  But that could be expensive in the sense that
any time any block in the file changes, you have to re-encrypt the
encryption or, more efficiently, the key computed from the hash of the file.
Still, you have to re-write the header any time there is a block change,
and do it atomically or log recoverably ideally.  Also you have to re-read and
hash the whole file to re-compute the xor sha(encrypted-file) header.  Well,
I guess even that is relatively fixable, probably e.g. a Merkle hash of the
blocks of the file instead, plus a bit of memory caching.

Adam

On Mon, Sep 23, 2013 at 03:00:03PM +0200, Natanael wrote:
  I made a suggestion like this elsewhere:

  Store the keys split up in several different files using Shamir's
  Secret Sharing Scheme. Encrypt each file with a different key. Encrypt
  those keys with a master key. XOR each encrypted key with the SHA256 of
  their respective encrypted files. Put those XORed keys in the headers
  of their respective files.

  If you manage to securely wipe just ~100 bits of any of the files, the
  keys are unrecoverable.

  I don't know if that can provide enough assurance of secure deletion on
  a flash memory, but it's better than nothing.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
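
An added example, not written by either poster: the header masking Natanael describes, with the SHA-256 of the whole file replaced by the Merkle root over per-block hashes that Adam suggests. The block size, the MaskedFile class and the sample data are assumptions constructed for illustration; the wrapped key stands in for a key already encrypted under the master key.

```python
import hashlib

BLOCK = 4096  # assumed block size

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def merkle_root(leaves):
    """Root over leaf hashes; an unpaired node is promoted unchanged."""
    level = list(leaves)
    while len(level) > 1:
        nxt = [h(level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]

class MaskedFile:
    """Encrypted blocks plus a header holding wrapped_key XOR merkle_root."""
    def __init__(self, blocks, wrapped_key):
        self.blocks = list(blocks)
        self.leaves = [h(b) for b in self.blocks]  # in-memory cache of leaf hashes
        self.header = xor(wrapped_key, merkle_root(self.leaves))

    def recover_key(self):
        # Cold read: hash every stored block, so any altered block changes the mask.
        return xor(self.header, merkle_root([h(b) for b in self.blocks]))

    def write_block(self, i, new_block):
        key = xor(self.header, merkle_root(self.leaves))
        self.blocks[i] = new_block
        self.leaves[i] = h(new_block)  # only the changed block's data is rehashed
        self.header = xor(key, merkle_root(self.leaves))

def demo():
    blocks = [h(bytes([i])) * (BLOCK // 32) for i in range(5)]  # constructed data
    wrapped = h(b"constructed wrapped key")  # stands in for the master-key-encrypted key
    f = MaskedFile(blocks, wrapped)
    fresh = f.recover_key() == wrapped
    f.write_block(3, h(b"new contents") * (BLOCK // 32))
    updated = f.recover_key() == wrapped
    f.blocks[2] = bytes(13) + f.blocks[2][13:]  # wipe ~100 bits, header untouched
    wiped = f.recover_key() == wrapped
    return fresh, updated, wiped

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The header rewrite in write_block is the step that still has to be atomic or logged on real storage; the example keeps everything in memory and does not model that.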
