On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:I'd always use full disk encryption ideally with the key stored on a USB token. Otherwise, with a very good passphrase.
And, after use, wipe the disk and destroy the token. Modern enterprise-level SSDs also have secure erase, but, of course, you'd have to trust the hardware manufacturer to implement it properly without any backdoors which you probably don't want to do in the above scenario. ===== Or, for the really paranoid ;-)you can have random data on a read-only mini cdrom,and use it as an OTP, and throw it into a garbage incinerator afterwards. But really, if anyone is up against adversaries where this is necessary,this methods may ultimately not help. These adversaries are not known for their honor and fair play ... vedaal
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
