[Dshield] data storage encryption

M Cook dshieldlists at versateam.com
Thu Jun 9 02:31:50 GMT 2005


If the issue is the automation, you could look at a public/private key 
encryption process (GNU Privacy Guard, for example). The public key can 
be relatively insecure (you don't want someone substituting theirs for 
yours, but otherwise it doesn't matter if they look at it). Only the 
private key can decipher material encrypted with the public key, and the 
private key is not needed for the routine automated encryption, so it 
could be stored in a safe place and brought out only when you need to 
decipher the material.

One downside is that it's hard to predict how soon advances in computer 
technology could compromise the public/private key. If you want to 
preserve the material for, say, 50 or 100 years, the public/private key 
encryption that is strong today may be absurdly weak by the end of that 
time. Of course the same thing might be true of a symmetric key 
encryption process. Who knows what tomorrow may bring?

Maybe there won't be any computers that can read your media by then... 
so you can solve both the media compatibility and strength of encryption 
issues by being prepared to "freshen" the storage and encryption every 
3-5 years with whatever technology seems best at the time.

Isaac wrote:
> Thanks for the response, I try to answer all your questions:
> The purpose is to storage the data for rally long term, all the company 
> data will go there after work with it, at least the results of the work.
> I'm not sure about the availity of the data after encryption I'm still 
> working with that client, it's a important point, sure, but now I only 
> thinking how substitute the actual sistem (really bad win98 with a bat 
> coping the files, ejem, ejem)




More information about the list mailing list