Comment by skj

7 years ago

Instead of having a key that you delete (and also build non-trivial infrastructure to support), why not delete the actual data?

Because the key is smaller, it is easier to make sure you deleted every copy of that key than that you deleted every copy of the data. The data also might be part of a larger backup that you would have to take apart and reassemble in order to delete the data, or might be in a place where doing that is costly (e.g. on Amazon Glacier).

  • It seems precisely as easy to make sure you've deleted every copy of the data as it is to make sure you've encrypted every copy of the data.