@xyz, @Jlocke
@xyz,
Important point... you'd never be able to prove a dead disc was ever securely destroyed or flogged on.
That is a problem in asset management and writing a clearly understood contract with reputable suppliers. Mind you, given who HMG thinks *are* reputable suppliers, and its apparent inability to negotiate a contract that does not screw themselves (or rather the taxpayers coughing up the cash for it), that should be a distinct risk factor.
"Any system is only as secure as its poorest worker with a big bill to pay."
Excellent point. Applicable to *any* system architecture.
@Jlocke
"3DES and AES will be broken sooner or later."
Quite right. The question is when. DES was retired because the EFF built hardware to *prove* it could be brute force attacked within an average 3 1/2 days. Till then the US govt maintained it was safe as houses, suggesting the NSA has been reading DES traffic for years.
The EFF tech were ASICs clocked at 20 MHz, built for $200k total, when GaAs foundries could do 2 GHz easily.
AFAIK there is *no* analysis that running DES on data 3 times cubes the complexity of an attack, although it is a widespread belief (I'd welcome any reference to this issue).
The system that Sky Digital uses uses a 2048 bit public key system. I suspect they have a backup plan to roll out something even longer if it is compromised.
You're quite correct that any encrypted stream has to be put in plain text at some point. This is the same as Microsoft's efforts to foist DRM on people. It differs in that the whole back end of the system should *not* be accessible to the general public.
Modern practice is the 3 tier approach. Bulk data storage feeding a "Business logic" layer feeding the front end interface or interfaces. On this basis the business logic layer *should* stay under direct UK govt control. The storage can be anywhere as long as latency is reasonable but all held data is encrypted, although how this works with indexes is likely to be tricky.
Of course, before getting too enamoured of this approach perhaps a cross-department review of just *how* much has been saved by all this outsourcing might be in order.
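
The encrypted storage tier with an index, as raised in the comment above, sketched as an added example that is not part of the original post: the business-logic tier keeps the keys and hands the store only ciphertext plus a keyed "blind index" token for equality lookups. The names `StorageTier`, `blind_index`, `seal` and `unseal`, the sample reference format and the HMAC-based stand-in cipher are all assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumption: these keys exist only in the business-logic tier.
ENC_KEY, MAC_KEY, IDX_KEY = os.urandom(32), os.urandom(32), os.urandom(32)

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example runs on the
    # standard library alone; a deployment would use a vetted AEAD such as AES-GCM.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(ENC_KEY, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(nonce, plaintext)
    return nonce + body + _mac(MAC_KEY, nonce + body)

def unseal(blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(MAC_KEY, nonce + body)):
        raise ValueError("record was modified in storage")
    return _xor_stream(nonce, body)

def blind_index(value: str) -> str:
    # Keyed, deterministic token: equal inputs give equal tokens, so the store
    # can match on equality without ever seeing the value or the key.
    canonical = "".join(value.split()).upper()
    return _mac(IDX_KEY, canonical.encode()).hex()

class StorageTier:
    """Bulk store hosted anywhere: holds only tokens and ciphertext."""
    def __init__(self):
        self.rows = {}
    def put(self, token: str, blob: bytes) -> None:
        self.rows[token] = blob
    def get(self, token: str):
        return self.rows.get(token)

def store_record(store: StorageTier, ref: str, record: str) -> None:
    store.put(blind_index(ref), seal(record.encode()))

def lookup_record(store: StorageTier, ref: str):
    blob = store.get(blind_index(ref))
    return None if blob is None else unseal(blob).decode()
```

A blind index supports exact-match lookups only and reveals which rows share a value, so range or prefix queries still need a different design.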