[Dshield] data storage encryption
dshieldlists at versateam.com
Thu Jun 9 02:31:50 GMT 2005
If the issue is the automation, you could look at a public/private key
encryption process (GNU Privacy Guard, for example). The public key can
be relatively insecure (you don't want someone substituting theirs for
yours, but otherwise it doesn't matter if they look at it). Only the
private key can decipher material encrypted with the public key, and the
private key is not needed for the routine automated encryption, so it
could be stored in a safe place and brought out only when you need to
decipher the material.
One downside is that it's hard to predict how soon advances in computer
technology could compromise the public/private key. If you want to
preserve the material for, say, 50 or 100 years, the public/private key
encryption that is strong today may be absurdly weak by the end of that
time. Of course the same thing might be true of a symmetric key
encryption process. Who knows what tomorrow may bring?
Maybe there won't be any computers that can read your media by then...
so you can solve both the media compatibility and strength of encryption
issues by being prepared to "freshen" the storage and encryption every
3-5 years with whatever technology seems best at the time.
> Thanks for the response, I try to answer all your questions:
> The purpose is to storage the data for rally long term, all the company
> data will go there after work with it, at least the results of the work.
> I'm not sure about the availity of the data after encryption I'm still
> working with that client, it's a important point, sure, but now I only
> thinking how substitute the actual sistem (really bad win98 with a bat
> coping the files, ejem, ejem)
More information about the list