On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:I'd always use full
disk encryption ideally with the key stored on a USB
token. Otherwise, with a very good passphrase.
And, after use, wipe the disk and destroy the token.
Modern enterprise-level SSDs also have secure erase, but, of course,
you'd
have to trust the hardware manufacturer to implement it properly
without any
backdoors which you probably don't want to do in the above scenario.
=====
Or, for the really paranoid ;-)you can have random data on a read-only
mini cdrom,and use it as an OTP, and throw it into a garbage
incinerator afterwards.
But really, if anyone is up against adversaries where this is
necessary,this methods may ultimately not help.
These adversaries are not known for their honor and fair play ...
vedaal
disk encryption ideally with the key stored on a USB
token. Otherwise, with a very good passphrase.
And, after use, wipe the disk and destroy the token.
Modern enterprise-level SSDs also have secure erase, but, of course,
you'd
have to trust the hardware manufacturer to implement it properly
without any
backdoors which you probably don't want to do in the above scenario.
=====
Or, for the really paranoid ;-)you can have random data on a read-only
mini cdrom,and use it as an OTP, and throw it into a garbage
incinerator afterwards.
But really, if anyone is up against adversaries where this is
necessary,this methods may ultimately not help.
These adversaries are not known for their honor and fair play ...
vedaal