How would you do that ...

vedaal at vedaal at
Tue May 4 23:46:31 CEST 2021

Or, for the really paranoid ;-)you can have random data on a read-only
mini cdrom,and use it as an OTP, and throw it into a garbage
incinerator afterwards.
If you are up against adversaries where this is necessary,this methods
may ultimately not help ...

On 5/4/2021 at 1:19 PM, "Ingo Klöcker"  wrote:On Dienstag, 4. Mai
2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote:
> For modern SSDs I generally recommend a single pass with random
> dd if=/dev/urandom of=/dev/foo bs=1M
> (Don't forget the blocksize [bs] parameter; it can improve speed
> significantly.)
> This is enough to foil the vast majority of forensic analysis.  Yes,
> yes, SSDs have remapping capabilities which means certain memory
> won't get hit even if you do this, and it's theoretically possible
for a
> good forensics nerd to do all kinds of wild magic to pull off data
> didn't even know was there... but that kind of very high-level
> nerdery costs a lot of money, and few people are worth that kind of
> investment.

I'd always use full disk encryption ideally with the key stored on a
token. Otherwise, with a very good passphrase.

And, after use, wipe the disk and destroy the token.

Modern enterprise-level SSDs also have secure erase, but, of course,
have to trust the hardware manufacturer to implement it properly
without any 
backdoors which you probably don't want to do in the above scenario.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Gnupg-users mailing list