paulsabou

paulsabou

Balancing Auditability and Privacy with Crypto-Shredding

Software in regulated industries must comply with:

  1. Auditability laws that require tamper-proof, long-term storage of event logs
  2. Privacy laws (GDPR) that require users’ personal data to be erasable on request.

Deleting data conflicts with the need for immutable audit trails — especially across backups and air-gapped storage.

Crypto-shredding is the solution to this dilemma.

Instead of deleting data, systems encrypt sensitive information with user-specific, time-scoped keys and later make it unreadable by deleting those keys.

Most Liked

NobbZ

NobbZ

For the moment.

We decided against crypto shredding in our event store, as we fear that future tech might make the encryption obsolete, do you have a solution for this?

paulsabou

paulsabou

agree that this is a valid concern. the concern is usually around post-quantum safe cryptography. Currently NIST recommands AES 256 with GCM for this. See SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC | CSRC

Based on my research crypto shredding is the only way to have immutable audit event logs & gdpr compliance at the same time.

For EDA (Event Driven Architectures) you don’t have to guarantee event log immutability. If you trust that your code is bug free then you can always filter your primary event log stream and create a new one (with the user data removed).

My use case is not EDA but an auditable event log that has to be stored on an append only storage. In this case you literally cannot modify the event log (it’s on an append only storage system). Then the only option is crypto shredding.

Where Next?

Popular in Blog Posts Top

sashaafm
How to use the blogs section You can post links to your blog posts either in one of the Official Blog Posts threads (like this one), or, ...
296 25433 131
New
rrrene
In this series, we take a look at the different ways to organize, structure and execute a good “flow” in our Elixir programs. The latest...
New
New
adolfont
Hi, You all probably know that José Valim is Brazilian and that his native language is Portuguese. I, Herminio Torres, Matheus Pesanha a...
New
sheharyarn
In this article, I talk about the Elixir library Delta we at Slab just open-sourced, its various features including support for Operation...
New
victorbjorklund
I’m showing you how you can customise the phx.new generator to give you a new Phoenix project the way YOU want it. In this post I show yo...
New
New
rlopzc
Learn how to leverage Erlang + Elixir’s GenServer to build a robust FTP Client. https://rlopzc.com/posts/elixir-ftp-client-genserver-par...
New
JEG2
I’m closing out, for now, my series on questions at the heart of development with an analysis of when we need more abstraction. For exam...
New
biportal
Hi, I recently thought about a name for this Stack: Rust + Elixir + Phoenix. I came up with Runix (RuNix) and blogged about it on Medium....
New

Other popular topics Top

Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 54120 245
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
malloryerik
Hi, this is for people who, like me, have had some friction using .html.heex templates in VSCode. The solution seems to be, in a hyphena...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement