Media Sanitization and Encryption
Last week NIST released Special Publication 800-88, Guidelines for Media Sanitization.
There is a new paragraph in this document (page 7) that was not in the draft version:
"Encryption is not a generally accepted means of sanitization. The increasing power of computers decreases the time needed to crack cipher text and therefore the inability to recover the encrypted data can not be assured."
I have to admit that this doesn’t make any sense to me. If the encryption is done properly, and if the key is properly chosen, then erasing the key—and all copies—is equivalent to erasing the files. And if you’re using full-disk encryption, then erasing the key is equivalent to sanitizing the drive. For that not to be true means that the encryption program isn’t secure.
I think NIST is just confused.
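To put numbers on the disagreement between the quoted NIST paragraph and the argument above, this added example (not part of the original post or the NIST document) computes the expected brute-force time for a key that has been erased, leaving only ciphertext. The starting rate of 10^12 guesses per second, the 18-month doubling period continued indefinitely, and the 40-bit case standing in for a poorly chosen key are all assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_constant(key_bits, rate0=1e12):
    """Expected years to hit the key at a fixed guess rate (keys/second).

    On average an exhaustive search succeeds after half the keyspace.
    """
    return 2 ** (key_bits - 1) / (rate0 * SECONDS_PER_YEAR)


def years_growing(key_bits, rate0=1e12, doubling_years=1.5):
    """Expected years when the guess rate doubles every doubling_years.

    Guesses made by year T: per_year * d/ln2 * (2**(T/d) - 1).
    Setting that equal to 2**(key_bits - 1) and solving for T gives
    T = d * log2(1 + trials / (per_year * d / ln2)).
    """
    per_year = rate0 * SECONDS_PER_YEAR          # assumed starting rate
    scale = per_year * doubling_years / math.log(2)
    return doubling_years * math.log2(1 + 2 ** (key_bits - 1) / scale)


def report(bit_sizes=(40, 56, 128, 256)):
    """Return (bits, years at fixed rate, years with doubling) per key size."""
    return [(b, years_constant(b), years_growing(b)) for b in bit_sizes]


if __name__ == "__main__":
    for bits, flat, grow in report():
        print(f"{bits:>3}-bit key: {flat:.3g} years at a fixed rate, "
              f"{grow:.3g} years with perpetual doubling")
```

Under the doubling assumption each extra key bit costs the attacker one more doubling period, so the margin comes entirely from how many bits of real entropy the erased key had.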
BLP • September 11, 2006 11:57 AM
I’m not sure that’s true. (Although you are the expert, not me.)
If the key >can< be brute forced (even assuming a very Hard Problem requiring googolplexes of CPU cycles), then deleting the key simply makes it impractical to recover the data.