change the passphrase

Brad Tilley
Fri Nov 16 15:25:02 2001

Most people don't _begin_ to have the level of security needs that would
require them to physically destroy media, especially given the waste and
cost issues.  Giving people advice based on an inappropriate threat model
is a great way to scare them off using GnuPG at all.


I work on Linux systems that contain financial data. Some of our most
sensitive data are stored on ro media like CDRs. Besides using GnuPG
encryption, we physically destroy old CDRs. Any files that were copied from
the CDRs to HDDs are shredded (up to 25 passes), and the HDDs are reformatted
and tested thoroughly before being used for other, less sensitive, tasks. My
point is that some people _do_ physically destroy media, but, as you said,
most don't.

