top of page

Encryption is not a secure data destruction solution.

Encryption ultimately is subject to side channel and back door vulnerabilities, and should not be considered a viable end-of-life data destruction solution. US-CERT (United States Computer Emergency Readiness Team) published the following alert regarding the WPA2 security protocol. Notice specifically the reference to decryption. Data is not "destroyed" unless it has either been securely erased or the media on which the data is stored has been shredded to something about the size of a particle of sand (and fine sand at that).

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Featured Posts
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page