Bug #6974
Clarify that secure deletion isn't the first line of defense for the persistent volume
Start date: 2014-03-24
Due date:
% Done: 0%
Description
Here’s a suggested patch:
diff --git a/wiki/src/doc/first_steps/persistence/warnings.mdwn b/wiki/src/doc/first_steps/persistence/warnings.mdwn
index bca2eca..6b8829b 100644
--- a/wiki/src/doc/first_steps/persistence/warnings.mdwn
+++ b/wiki/src/doc/first_steps/persistence/warnings.mdwn
@@ -11,7 +11,13 @@ Storing sensitive documents
the device can know that there is a persistent volume on it. Take into consideration
that you can be forced or tricked to give out its passphrase.
-Note also that **secure deletion does not work as expected on USB sticks.**<br/>
+Note also that **secure deletion does not work as expected on USB
+sticks.**<br/> Nothing but ciphertext (encrypted by your passphrase) is ever
+stored on the persistent volume, so the first line of defense is to ensure
+that the attacker can't guess or learn your passphrase. However, a second
+line of defense is to delete the ciphertext, and that turns out to be harder
+to do than we would like.
+
[[See the corresponding documentation.|encryption_and_privacy/secure_deletion#usb_and_ssd]]
Read also how to [[delete the persistent volume|delete]].
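Review bot: in the added lines following "sticks.**<br/>", the retained `<br/>` now forces a line break in the middle of the new paragraph instead of before the documentation link, and the added blank `+` line pushes "See the corresponding documentation" into a separate paragraph. Drop the `<br/>` or move it to the end of the new text so the link still reads as belonging to the secure-deletion note. On wording, "encrypted by your passphrase" could become "protected by your passphrase", and "harder to do than we would like" gives the reader no reason; a short pointer to the linked secure_deletion#usb_and_ssd section for the explanation would close that gap.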
velope suggested on IRC that, instead, mention of secure deletion could be removed from this page entirely. That sounds potentially even better to me than the above clarification.
Subtasks
History
#1 Updated by intrigeri 2014-03-25 08:47:47
- Category set to Persistence
- Assignee set to sajolida
- QA Check set to Ready for QA
#2 Updated by sajolida 2014-03-26 11:00:33
- Status changed from New to Confirmed
Ok, then what about commit adae16d?
#3 Updated by sajolida 2014-05-06 18:52:53
- Subject changed from clarify that secure deletion isn't the first line of defense for the persistent volume to Clarify that secure deletion isn't the first line of defense for the persistent volume
- Status changed from Confirmed to Resolved
- Assignee deleted (sajolida)
- QA Check deleted (Ready for QA)
No comments in one month, so let’s say that my fix is fine.