-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/23/07 18:46, Douglas Allan Tutty wrote: > On Wed, May 23, 2007 at 06:12:36PM -0400, Greg Folkert wrote: >> On Wed, 2007-05-23 at 17:01 -0500, Ron Johnson wrote: > >>> After all the stories about laptops full of sensitive data being >>> stolen, and tapes full of sensitive data being lost, you still have >>> to ask why someone wants to encrypt private data? >> It comes to mind; why all this data is on a "portable device" in the >> first place? > > Recently, a major bank here in Canada lost a hard drive containing > clear-text customer personal info (everything an identity thief needs) > in transit from one major city to another. I don't know why: > > 1. they didn't treat it like cach and send it via Brinks > 2. they didn't encrypt it and send it over the net. > > If you're sending backup to off-site storage (vault) other than backing > up to a remote data-center, for some period of time the data will be on > some type of portable device whether hard drive or DLT.
Exactly. An Iron Mountain courier stops by our data center morning & late afternoon and (I think) once on Saturday. Mostly we use legacy systems (z/OS & OpenVMS) so any Nefarious Ned who robs the courier would have to have similar legacy hardware to extract the data. Very unlikely. I don't know how they secure the Oracle (both HP-SUX & Linux) and Windows data. Not My Responsibility. As soon as we upgrade to faster hardware (ha ha ha ha!), Rdb 7.2 and OpenVMS 8.3, we can use the built-in encryption API to "totally" secure our data. Until then, it's Security Thru Expensive Legacy Obscurity. > It would be very nice if there was a universal cross-platform rw + > encrypt filesystem for archives. Something that you could be confident > that you could decrypt and access in 10 years using whatever OS was > current then. tar is cross-platform, as is ASCII CSV. PGP/GPG is also cross-platform. Problem solved? > I did something similar when I was running OS/2. I implemented SHA and > I forget which encrytion algorithm in REXX. When my OS/2 died and I > switched to Linux, it was a simple matter to translate the REXX into > python and extract my archive. > > Right now, my archives are not encrypted and are tarballs. With the > media I also save a debian install set. > > Doug. > > - -- Ron Johnson, Jr. Jefferson LA USA Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGVNbDS9HxQb37XmcRAkW7AJ4njNRLX3Sw/HRCD2nyLqqog70McgCgryRx IKz6H0KzXN+AAIkTDoUyRDg= =olFk -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
