[FDE] Encryption as a accepted mean of sanitization

Saqib Ali docbook.xml at gmail.com
Tue Oct 3 11:15:13 MDT 2006 

Hi Connie,

I completely understand this. However my question was about NIST.

Does NIST now recognize one-way encryption of the HDD as a possible
mean to destruct the Data???

On 10/3/06, Sadler, Connie <Connie_Sadler at brown.edu> wrote:
>
> Sanitization ensures the data is *gone*. Encryption simply ensures that
> the data is inaccessible until such a time that it can be cracked (could
> be 2 years, could be 20 years) - but the data is still there - and
> potentially crackable.
>
> Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
> IT Security Officer
> Brown University Box 1885, Providence, RI 02912
> Connie_Sadler at Brown.edu
> Office: 401-863-7266
>
>
> -----Original Message-----
> From: listbounce at securityfocus.com [mailto:listbounce at securityfocus.com]
> On Behalf Of Saqib Ali
> Sent: Tuesday, October 03, 2006 11:23 AM
> To: fde at www.xml-dev.com; security-basics
> Subject: Re: Encryption as a accepted mean of sanitization
>
> The reason I ask this question is because there is a debate going on @
> Wikipedia on this topic between user:maxt and user:tngr (don't know who
> they are).
>
> See:
> 1) http://en.wikipedia.org/wiki/Talk:Full_disk_encryption ; and
> 2) http://en.wikipedia.org/wiki/FDE
>
> IT would be nice to have some clarity on this topic.
>
>
>
> On 10/2/06, Saqib Ali <docbook.xml at gmail.com> wrote:
> > Hello All,
> >
> > NIST recently DELETED the following paragraph from the Special
> > Publication 800-88 (
> > http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pd
> > f
> > ):
> >
> > "Encryption is not a generally accepted means of sanitization. The
> > increasing power of computers decreases the time needed to crack
> > cipher text and therefore the inability to recover the encrypted data
> > can not be assured."
> >
> > Does that mean that NIST now accepts encryption a mean to sanitize a
> HDD?
> >
>
>
> --
> Saqib Ali, CISSP, ISSAP
> Support http://www.capital-punishment.net
> -----------
> "I fear, if I rebel against my Lord, the retribution of an Awful Day
> (The Day of Resurrection)" Al-Quran 6:15
> -----------
>
> ------------------------------------------------------------------------
> ---
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
> designated Norwich University a center of Academic Excellence in
> Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting
> experience.
> Using interactive e-Learning technology, you can earn this esteemed
> degree, without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ------------------------------------------------------------------------
> ---
>
>


-- 
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

More information about the Fde mailing list