The Great Zero Challenge

[M J D Brown]

A colleague wrote:

> Given this section from the Microsoft help text: "If you create files 
> in
> plain text and then encrypt them, Encrypting File System (EFS) makes a
> backup copy of the file so that, if an error occurs during the 
> encryption
> process, the data is not lost. After the encryption is complete, the 
> backup
> copy is deleted. As with other deleted files, the data is not 
> completely
> removed until it has been overwritten."
>
> If this is the default behaviour for their encryption software I 
> personally
> would not trust the tool to secure anything beyond a copy of my public
> website.

The Microsoft help text is at least candid and allows the security risk 
to be assessed and appropriate precautions taken.

<tongue-in-cheek mode on>
Holding 'classified' files on the same computer as non-sensitive ones 
opens up all the problems of multi-level security.  If one is that 
worried about leakage, then the prudent option would be to hold all 
sensitive files and perform all cryptographic processing on a separate, 
physically secured computer that has no network or internet connection. 
Encrypted files must then be carried across the 'air gap' to the 
networked computer.  Naturally, one would then have to assess the EMC 
vulnerability of the secure computer and consider the need for a Faraday 
cage and mains filtering.  And then ....
<tongue-in-cheek mode off>

Unless formally classified material is involved, in which case it is a 
matter of complying with the data controller's regulations, I would 
think that a reasonable approach would be to store sensitive files on a 
separate portable drive kept in the office safe which is given a routine 
wiping when de-commissioned and then physically destroyed when 
opportunity permits.  I take this approach with identifiable personal 
data relating to my voluntary welfare casework, though I have not yet 
needed to de-commission the portable hard drive.

Regards,
Mike.