D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Encryption was Re: Disk Wiping

 
As for password length, I don't think remembering any password is sensible. As Giles says, people can't if the password is adequate and not shared between sites. I use a jpg on a stick, and LUKS looks for the nominated jpg on the nominated stick and asks me nothing, I just boot with my password key in the USB port. It's authentication after a fashion, nobody can recreate the jpg and the stick is on my physical key ring along with the car and front door keys.

The book I checked in recently, "What Will a Post-Quantum World Look Like?", says AES256 will remain safe into that risk period, not that I own secrets at the moment. Here's the quote:

"Symmetric cryptography using
larger key sizes is considered quantum-resistant and, on the upper end of the scale, using key sizes
larger than the bare minimums is considered quantum safe. Most cryptographic authorities recom-
mend that 256-bit and larger symmetric keys (e.g., quantum-safe) be used now to fight the threats
of quantum-based attacks for the long run."

On Fri, 5 Mar 2021 at 08:14, Giles Coochey <giles@xxxxxxxxxxx> wrote:

On 04/03/2021 18:39, Simon Waters wrote:
> On Thursday, 4 March 2021 18:07:18 GMT John PNZ wrote:
>> I think, comrade, that some people rely on physical barriers for data
>> protection rather than adopting encryption at rest, but that they prefer to
>> wipe before giving a drive to another user. That seems a supportable
>> concept.
>
> I don't think our Comrade is saying rely entirely on encryption and never
> wipe, just that he is much more relaxed about procedures for wiping the disks
> because even if he does it wrongly, or forgets, without the password the
> contents are still protected. So he's not feeling the need to axe any disks,
> even if his threat model is more extreme for work data.
>
>   Simon
>
Encryption on its own is probably not enough, all the encryption
algorithms in use 40 years ago are now trivial to decrypt without a key
And it is entirely likely that all the encryption algorithms in use
today will be trivial to decrypt in 40 years time. I grant that 40 years
for many is probably inconsequential to the data on the disk, anyway we
all know your password is going not have a lot of entropy, because you
need to be able to remember it or spend six minutes typing it in every
time you boot up.



--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq