It doesn't matter if it's a single file or not, it's block level encryption.
TL DR is it better just to erase your keys and let them decrypt at their Leisure for the rest of Eternity
or at least attempt to destroy what's on the drives for as long as possible?
Every second is more blocks randomly destroyed by random data
Or at the Least set up the script
so that it securely erases and overwrite specific folders of your Most sensitive information
I just don't see the point of having a
quote paranoia nas unquote
if you don't at least Try to destroy the data
just erasing your keys leaves it possible for Recovery eventually
Might as well run your Storage completely in Ram
It's easy enough to have a few terabytes of operating memory these days as soon as the power goes out all of your data is gone
Well it is now 6:36 a.m. my phone battery is at 8% and I am still attempting to go to sleep
There is no point, it's an academic exercise. I don't want to destroy the data.
There's not enough time, battery or not, to destroy a significant amount of the data by writing to the disks. It's pointless. It may make is slightly harder, but recovering data from a broken file system is easier than breaking an encryption so who's it going to stop? This is why self destructing flash memory is a thing, it can be destroyed quickly and permanently. There aren't many reliable ways to rapidly destroy data on a hard drive without using high explosives or something to that effect.
I was not suggesting that as an alternative
but in addition to erasing your keys
As an academic exercise.
if you're going to attempt to do it.
why not do it the whole nine yards?
Erase your keys first and then secondly afterwards erase your most important sets of data in order of how much you rate them needing to be destroyed thus leaving them to decrypt your drive and when they finally do nothing is useful just your cat picture collections
because
Why erase your f****** encryption keys if you don't want to destroy the data?
I'm going to give whoever steals my network attached storage all of my data but first i'm just going to piss them off so they have to decrypt it
Even if it takes a government 20 years to decrypt your drives they will sit there and do it Jesus they're still trying to decrypt World War 1 & 2 encryptions
Like the Enigma code but they broke most of that if I recall
The keys can be restored.
And damaging a couple of percent of that data won't prevent that.
That's where I think we disagree
yes it will
because what's the point of encrypting your files
just so they can get it later
if you can at least PARTIALLY destroyed those files
and they STILL spend all the time decrypting iT
and THEN afterwards get NOTHING or at LEASTget LESS
If you're just going to erase your keys and they get all of your files later on down the line you might as well not encrypt your s*** at all
What the hell is the point of locking your files
if you give them the lock to deconstruct
There is literally zero point in encrypting your files if you do not want to take steps to try to destroy said files
What's the point of filling your computer with batteries if they can just unplug them and recover the data anyway?
Those batteries would be destroying important files until they either run out or they tear open your case and unplug them
that's the entire point
any data that you can deny them permanently
is the point
and every second counts
when someone kicks down your server doors and seizes your assets
Some Joe Schmo SWAT team guy is going to unplug your nas
and throw that box into a box or on the floor
meanwhile unbeknownst to them that system is still operating
hard at work destroying your files or as many files as it possibly can before the batteries run out
And if they do know that it is still in operation then they have to cut the son-of-a-b**** open and remove your drives
and during ALL THAT TIME your system is still hard at work destroying as much as it possibly can
Simply because F*** them.
If you are not going to attempt to destroy your data permanently
don't even bother encrypting it because they will get to it eventually
Most all encryption methods will fail over the course of history
or at least some company or government will get a back door in the future
or some new technology like asic decryptions will make breaking unbreakable code of today.
trivial tomorrow
If we're going to write off encryption as worthless then we can definitely write off disk erasure as worthless too.
Im out
Peace
Done
Nope
By which I mean we don't have to wait for some distant future technology to recover data from erased disks. We already know how to do that. That's why disks that are disposed of securely are erased (with multiple passes) degaused, shredded and incinerated.
Damaging (not destroying) a tiny amount of the data is not worth the effort involved.
Why mercury switches ? when something like that could be tied to read power on or off or even maybe a specific process or command. Something like a exe. executing without proper authorization ?
euh wait what...did i just missed a spectacular discussion. sooo does this mean project still ongoing?
Not sure I follow
more worried about access via remote and malware than some one physically taking my nas or messing it. Maybe i am just getting what your are trying to achieve.
Yeah it's still ongoing. We had a difference of opinion on how effective a few minutes of data overwriting would be for preventing an attacker (who can break aes) from accessing the data.
I put together the mercury switches last night and gave them a test, seems to work okay although I still think I need to add a delay as the mercury globs bounce around. It should still have the desired effect though. I'm still waiting on some other switches I need to finish it but I'll post an update once it gets in.
1 Like
if you have used maximum AES it could take a while to be broken a really long time.
1 Like
Like statute of limitations long? ;)
1 Like