How would you do that ...

rjh at sixdemonbag.org rjh at sixdemonbag.org
Wed May 5 00:18:55 CEST 2021


I have literally never in my life seen any meaningful use case for the OTP after about 1974.

It's not part of a sensible discussion. :)

On May 4, 2021 4:46:31 PM CDT, vedaal via Gnupg-users <gnupg-users at gnupg.org> wrote:
>Or, for the really paranoid ;-) you can have random data on a read-only
>mini cdrom, and use it as an OTP, and throw it into a garbage
>incinerator afterwards.
>If you are up against adversaries where this is necessary, this method
>may ultimately not help ...
>=====
>
>On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:
>On Tuesday, 4 May 2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote:
>> For modern SSDs I generally recommend a single pass with random data:
>>
>> dd if=/dev/urandom of=/dev/foo bs=1M
>>
>> (Don't forget the blocksize [bs] parameter; it can improve speed
>> significantly.)
>>
>> This is enough to foil the vast majority of forensic analysis.  Yes,
>> yes, SSDs have remapping capabilities which means certain memory cells
>> won't get hit even if you do this, and it's theoretically possible for a
>> good forensics nerd to do all kinds of wild magic to pull off data you
>> didn't even know was there... but that kind of very high-level forensics
>> nerdery costs a lot of money, and few people are worth that kind of
>> investment.
>
>I'd always use full disk encryption ideally with the key stored on a USB
>token. Otherwise, with a very good passphrase.
>
>And, after use, wipe the disk and destroy the token.
>
>Modern enterprise-level SSDs also have secure erase, but, of course, you'd
>have to trust the hardware manufacturer to implement it properly without any
>backdoors which you probably don't want to do in the above scenario.
>
>Regards,
>Ingo

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
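
The single-pass random overwrite from the quoted text, rehearsed on a scratch file instead of `/dev/foo` and then read back to confirm the old contents are gone. This is an added example, not part of the original messages; `MARKER` and the function names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: rehearse a single-pass random overwrite on a scratch image.
# MARKER, make_image, count_marker and wipe_random are hypothetical names.
MARKER='CONSTRUCTED-SECRET-0123456789'

# Fill a scratch file with 4096 lines of constructed "sensitive" data.
make_image() {
    i=0
    while [ "$i" -lt 4096 ]; do
        printf '%s\n' "$MARKER"
        i=$((i + 1))
    done > "$1"
}

# Number of lines in the target that still contain the marker.
# grep exits 1 when the count is 0, hence the "|| true".
count_marker() {
    grep -a -c -F "$MARKER" "$1" || true
}

# One pass of random data over the whole target, written in place.
# On a real block device, dd with no count stops at the end of the device;
# a regular file has no such end, so the stream is bounded to its size here.
wipe_random() {
    size=$(($(wc -c < "$1")))
    head -c "$size" /dev/urandom | dd of="$1" bs=1M conv=notrunc 2>/dev/null
    sync
}

# Read-back check. It only sees the logical address space, so it cannot
# detect data left in remapped SSD cells, as the quoted text points out.
demo() {
    img=$(mktemp)
    make_image "$img"
    before=$(count_marker "$img"); size_before=$(($(wc -c < "$img")))
    wipe_random "$img"
    after=$(count_marker "$img"); size_after=$(($(wc -c < "$img")))
    rm -f "$img"
    echo "marker lines: $before -> $after, bytes: $size_before -> $size_after"
}
demo
```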