Encryption is not a secure data destruction solution.
October 18, 2017
Encryption ultimately is subject to side channel and back door vulnerabilities, and should not be considered a viable end-of-life data destruction solution. US-CERT (United States Computer Emergency Readiness Team) published the following alert regarding the WPA2 security protocol. Notice specifically the reference to decryption. Data is not "destroyed" unless it has either been securely erased or the media on which the data is stored has been shredded to something about the size of a particle of sand (and fine sand at that).
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
Share on Facebook
Share on Twitter
“The final rules, effective on March 26, 2013, not only provide direct liability for business associates and their subcontractors, but also include in...