• Facebook - Grey Circle
  • Twitter - Grey Circle
  • LinkedIn - Grey Circle
For an evaluation copy of our software, please click here
contact us for your personalized solution
info@virtual-io.com

Virtual-I/O Solutions

13900 Bethany Oaks Pointe

Alpharetta, GA 30004

© 2019 Virtual-I/O Solutions

Encryption is not a secure data destruction solution.

October 18, 2017

Encryption ultimately is subject to side channel and back door vulnerabilities, and should not be considered a viable end-of-life data destruction solution.  US-CERT (United States Computer Emergency Readiness Team) published the following alert regarding the WPA2 security protocol.  Notice specifically the reference to decryption.  Data is not "destroyed" unless it has either been securely erased or the media on which the data is stored has been shredded to something about the size of a particle of sand (and fine sand at that).

 

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Share on Facebook
Share on Twitter
Please reload

Featured Posts

“The final rules, effective on March 26, 2013, not only provide direct liability for business associates and their subcontractors, but also include in...

HIPAA Final Rules

September 12, 2017

1/1
Please reload

Recent Posts

September 12, 2017

Please reload

Archive
Please reload

Search By Tags

I'm busy working on my blog posts. Watch this space!

Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square