On Thu, Dec 21, 2006 at 03:47:07PM +0000, Darren J Moffat wrote:
> Nicolas Williams wrote:
> >James makes a good argument that this scheme won't suffice for customers
> >who need that level of assurance. I'm inclined to agree. For customers
> >who don't need that level of assurance then encryption ought to suffice.
>
> Has anyone other than me actually read the current NIST guidelines on
> this? [ the url was in my original email message ].
>
> The current NIST guidelines, or at least my reading of it, says that
> even if you are using encryption and even if you are going to do
> physical destruction you still need to do something like this.
I think it's a bit nuanced. Pages 15-16 obliquely mention encryption in
the description of "clearing": "... It must be resistant to keystore
recovery attempts executed from standard input devices and from data
scavenging tools. ..."

I'm not sure how to interpret that in the case of ZFS encryption. The
actual keys used to encrypt files are not typed in by users, and data
scavenging tools could only get at them if: a) they recovered user
passwords from which master FS keys are derived, or b) they have access
to the media.

On page 4 (errata), it says that on 9-11-06 (version 10-06) text was
deleted that had once declared encryption insufficient.

So, altogether I would read this as allowing deletion of keys as a method
of clearing. Since clearing is all we can hope to do in ZFS then I think
this should be sufficient.

Nico
--
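As an added illustration of the "clearing by key deletion" argument above (this is example code written for this page, not code from the thread, from ZFS, or from the NIST document), the following Python models the key hierarchy Nico describes: a master key that never leaves the media in the clear, wrapped under a key-encrypting key derived from the user password. The design details are assumptions for the example (PBKDF2 for password derivation, an HMAC-SHA256 counter-mode keystream standing in for a real block cipher so the code runs with only the standard library, a constructed password and record). It shows the two recovery conditions from the message: reading data needs both the password and intact wrapped-key material, and zeroizing only the wrapped key leaves the ciphertext blocks in place but makes them unrecoverable even to someone who knows the password.

```python
import hashlib
import hmac
import os

# Everything here is a constructed illustration of crypto-erase (clearing by
# key deletion); it is not ZFS code. The cipher is a toy HMAC-SHA256
# counter-mode keystream chosen so the example runs on the standard library.

PBKDF2_ITERATIONS = 100_000  # assumed parameter for the example


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF (HMAC-SHA256) in counter mode; yields `length` keystream bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher XOR: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encrypting key derived from the user password (assumed: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def create_media(password: str) -> dict:
    """Build the 'on-disk' state: a random master key stored only in wrapped form."""
    salt = os.urandom(16)
    wrap_nonce = os.urandom(16)
    master = os.urandom(32)
    kek = derive_kek(password, salt)
    wrapped = xor_crypt(kek, wrap_nonce, master)
    # Integrity tag so unwrapping can detect destroyed or garbled key material.
    tag = hmac.new(kek, wrap_nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrap_nonce": wrap_nonce, "wrapped_master": wrapped,
            "wrap_tag": tag, "blocks": []}


def unwrap_master(media: dict, password: str) -> bytes:
    """Recover the master key: needs both the password AND intact wrapped key material."""
    kek = derive_kek(password, media["salt"])
    expected = hmac.new(kek, media["wrap_nonce"] + media["wrapped_master"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, media["wrap_tag"]):
        raise ValueError("master key unrecoverable: wrong password or key material destroyed")
    return xor_crypt(kek, media["wrap_nonce"], media["wrapped_master"])


def write_block(media: dict, password: str, plaintext: bytes) -> int:
    """Encrypt a data block under the master key; returns its index on the media."""
    master = unwrap_master(media, password)
    nonce = os.urandom(16)
    media["blocks"].append((nonce, xor_crypt(master, nonce, plaintext)))
    return len(media["blocks"]) - 1


def read_block(media: dict, password: str, index: int) -> bytes:
    master = unwrap_master(media, password)
    nonce, ciphertext = media["blocks"][index]
    return xor_crypt(master, nonce, ciphertext)


def crypto_erase(media: dict) -> None:
    """'Clearing' by key deletion: overwrite only the wrapped master key and its tag.
    The data blocks stay on the media but no longer have a recoverable key."""
    media["wrapped_master"] = bytes(len(media["wrapped_master"]))
    media["wrap_tag"] = bytes(len(media["wrap_tag"]))


def can_read(media: dict, password: str, index: int) -> bool:
    """True if the block is still recoverable with this password."""
    try:
        read_block(media, password, index)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pw = "constructed-example-password"  # constructed, not a real credential
    media = create_media(pw)
    i = write_block(media, pw, b"customer record 42")  # constructed sample data
    print(read_block(media, pw, i))
    crypto_erase(media)
    print(can_read(media, pw, i))  # False: the blocks remain, the key does not
```

The check the model makes explicit: before `crypto_erase`, the right password recovers the record and a wrong one does not; after it, the same password fails too, because the second condition (key material present on the media) is gone while the encrypted blocks are untouched. That is the sense in which deleting keys is "clearing" rather than "purging": the ciphertext is still physically there, so the argument rests entirely on the master key having been written nowhere else and on the wrapped copy really being overwritten.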