-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eugen Leitl wrote: > On Tue, Dec 04, 2007 at 01:35:49PM -0700, [EMAIL PROTECTED] wrote: (snip) >> Most data overwrite programs take too long-you do not have that time >> when they are knocking down your door. > > You have to power down the servers before confiscating them. > You can use a smartcard along with a PIN for a login, or at > least purge the passphrase after N failed login attempts. > > Don't assume Mallory is omniscient and omnipotent. Knuckledragger > forensics won't even find anything out of ordinary. >
IIRC, if you have a TrueCrypt volume and you want to permanently disable access to it (instead of relying on its plausible deniability mechanisms) - in a hurry - there are two possible ways: 1.) Securely overwrite the first 1024KB of the volume; IIRC, this contains the actual, fixed volume keys, encrypted with the credentials you've chosen to use. Without this, even the proper credentials will fail to open the drive. 2.) TrueCrypt offers the use of keyfiles as credentials, in addition to (or even in lieu of) a passphrase; these can be kept exclusively on a removable medium of some kind (e.g., USB drive, CD-R). Destroy the medium with the keyfiles, and decryption becomes (basically) impossible. >> A strong magnetic field close to the hard drive will completely destroy >> the data making it impossible to recover. I will also probably fuckup > > Have you any idea how strong the field would have to be? Look it up. > (snip) He should look it up. IIRC, Gutmann's famous paper, "Secure Deletion of Data From Magnetic and Solid-State Memory," dealt with degaussing/demagnetizing as a possible method of data destruction. In short, the strength of the magnetic field would have to be enormous - far more than even most industrial magnets can provide - to properly destroy data on a modern hard drive. (Now, maybe if you could get access to the experimental U.S. Navy magnet that was mentioned... =xoD ) > > I am saying you're talking out of /dev/ass > LOL! =xoD I'll have to remember that one! =:oD - -- F. Fox Owner of node "kitsune" CompTIA A+, Net+, Security+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHVgOBbgkxCAzYBCMRAqznAJ9g6q6aJXFLFUJikq7rHjuADa76fgCgiqJX yvl/9GIQUkmy4qIi+e6/R/s= =RNcX -----END PGP SIGNATURE-----
