Forgot your password?
typodupeerror

Comment: Re:Where the fault lies? (Score 1) 229

Are you supporting the claim that hardware manufacturers do everything to spec? That the hardware doesn't have to interface with software?

I find it rather concerning that so many people place so much faith in so many strangers that they would forgo a 60-second attendant procedure that would nearly totally ensure against data leakage.

Comment: Re: Both (Score 1) 229

by MyFirstNameIsPaul (#47418353) Attached to: Avast Buys 20 Used Phones, Recovers 40,000 Deleted Photos

This gets back to my whole point that when I am giving up control of the device, I would rather have full confidence, and what you are describing likely relies on various softwares that I cannot know if they are trustworthy.

To fully embrace my paranoia, your rather authoritative tone makes it sound as if I should not wipe the device and instead wholly rely on an unprovable method of protection, thus making a casual reader find your method superior. I will continue to rely on both erasing keys and wiping devices as the best method to protect data on devices I am giving up control of.

Comment: Re:Both (Score 1) 229

by MyFirstNameIsPaul (#47417757) Attached to: Avast Buys 20 Used Phones, Recovers 40,000 Deleted Photos

It's hardware decryption. The key only ever exist within the SOC. Throwing away the decryption key means overwriting it with a new one. There is no possibility of recovery.

If this hardware encryption/decryption is trustworthy, then what is the difference between it and TPM, which few data experts are willing to trust?

"Zeroing the storage space" probably does not overwrite anything on flash storage. Flash is very resistant to writing anything to a block unless it has to, as there are limited numbers of writes before the the block becomes unusable. Writing random data will, but at a cost of significant time. And it's still less secure than deleting the key of an encrypted drive.

I have recently been playing with hdparm and ATA secure erase and enhanced secure erase. As I understand it, issuing the command for enhanced secure erase returns the drive to a condition defined by the manufacturer of the device, presumably one which does not retain any data. Additionally, I found a blog post by Bruce Schneier discussing a report from a trusted security company which stated that traditional full disk wipe methods for HDDs are also effective on SSDs. The notable exception is that the security company did not find any delete-based wipe methods effective on SSDs (meaning, you have to wipe the whole disk to completely erase data). That last bit annoys me: everyone is so concerned with deleting data on far-away devices, yet we can't even delete specific data on local devices without wiping the entire device.

I have not played around with wiping data from phones, so I don't know how any that applies, but I suspect the concepts are the same. Also, as far as the time component goes, it's unattended time, so little measurable cost to the user.

Comment: Re:Where the fault lies? (Score 1) 229

by MyFirstNameIsPaul (#47417391) Attached to: Avast Buys 20 Used Phones, Recovers 40,000 Deleted Photos
To my knowledge, Apple has not published the code they use in the encryption process for which keys are being deleted or the code which deletes the keys. Although I'm not aware this code at least been reviewed by trusted professionals (it may have). It seems like too many people say "256-bit AES" as if it's a conversation stopper, but there is always more to be concerned about. For example, the theory of public key encryption is sound, yet OpenSSL had a security hole the size of a galactic core which gave access to the memory of a web server. Apple software != 256-bit AES.

Comment: Re:Torrent download (Score 1) 566

by MyFirstNameIsPaul (#47125347) Attached to: TrueCrypt Website Says To Switch To BitLocker

# sha1sum TrueCrypt-7.1a.torrent
689e239a8d40e25c2bb9877581d0e2538b48e0a7 TrueCrypt-7.1a.torrent
# sha1sum TrueCrypt\ 7.1a\ Source.zip
4baa4660bf9369d6eeaeb63426768b74f77afdf2 TrueCrypt 7.1a Source.zip
# sha1sum --version
sha1sum (GNU coreutils) 8.13
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Ulrich Drepper, Scott Miller, and David Madore.

That second check matches the checksum stated in the initial audit report.

Comment: Re:You will never change them (Score 5, Insightful) 311

by MyFirstNameIsPaul (#44907407) Attached to: Ask Slashdot: Does Your Work Schedule Make You Unproductive?
This issue occurs across all careers, not just programmers. A friend of mine is an accountant and he has had the same issues. What he has learned is to just move on to another employer. It's not worth the heartache and permanent hair loss to stick around.

For large values of one, one equals two, for small values of two.

Working...