<html dir="ltr"><head></head><body style="text-align:left; direction:ltr;"><div>NDBE - Network Device Block Encryption</div><div><br></div><div>On Thu, 2019-04-11 at 17:29 -0400, DJ-Pfulio via Ale wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>Yet more reasons to use encrypted storage.</pre><pre><br></pre><pre>Isn't there an enterprise solution for this using key servers to unlock the</pre><pre>partitions at boot? Take the server/disks off the LAN and there aren't any key</pre><pre>servers available.</pre><pre><br></pre><pre><br></pre><pre><br></pre><pre>On 4/11/19 4:31 PM, Alex Carver via Ale wrote:</pre><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>If someone really wants your data, holes don't matter. The rest of the</pre><pre>platter is still intact in that case and can have the data extracted.</pre><pre><br></pre><pre>There's also no guarantee that Dban can write enough to be sure that the</pre><pre>magnetic domains are fully randomized deep in the platter. The longer</pre><pre>data sits statically on the disk the more opportunity for the surface</pre><pre>domain to imprint on deeper domains (this is actually a problem with</pre><pre>magnetic tape, magnetic data can print through from one layer of tape to</pre><pre>the next layer when it's wound on the spindle).</pre><pre><br></pre><pre>A serious entity can perform a deep level scan of the platter and</pre><pre>retrieve the low level signal under the surface domains and see previous</pre><pre>data. The drive head typically isn't powerful enough to write that</pre><pre>deeply because it has to keep the tracks narrow.</pre><pre><br></pre><pre>On 2019-04-11 12:13, Steve Litt via Ale wrote:</pre><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>On Wed, 10 Apr 2019 22:11:42 -0400</pre><pre>Jim Kinney <</pre><a href="mailto:jim.kinney@gmail.com"><pre>jim.kinney@gmail.com</pre></a><pre>> wrote:</pre><pre><br></pre><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>Dban advantage: it can be done across hundreds or thousands of drives</pre><pre>before larcenous third party "shredders" physically touch the drives.</pre></blockquote><pre><br></pre><pre>That's a good point.</pre><pre><br></pre><pre>Doesn't dban take an hour or more? How many drives can I do with one</pre><pre>computer? How long would it take to test whether each is really blank?</pre><pre><br></pre><pre>What might be nice with 1000 drives to do is dban followed by drilling</pre><pre>3 holes in each drive. I'd say each drive would take 1 minute for 3</pre><pre>holes, so it's about 2 days for one employee to drill the holes. Or,</pre><pre>perhaps, one employee could both dban and drill the holes, drilling the</pre><pre>holes while the next batch is dbanning.</pre></blockquote></blockquote><pre><br></pre><pre>_______________________________________________</pre><pre>Ale mailing list</pre><a href="mailto:Ale@ale.org"><pre>Ale@ale.org</pre></a><pre><br></pre><a href="https://mail.ale.org/mailman/listinfo/ale"><pre>https://mail.ale.org/mailman/listinfo/ale</pre></a><pre><br></pre><pre>See JOBS, ANNOUNCE and SCHOOLS lists at</pre><a href="http://mail.ale.org/mailman/listinfo"><pre>http://mail.ale.org/mailman/listinfo</pre></a><pre><br></pre></blockquote><div><span><pre><pre>-- <br></pre>James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://heretothereideas.blogspot.com/
</pre></span></div></body></html>