Yup, disk arrays can be quite a problem when it comes to forensics recovery. This has been a bit of a nemesis of mine over the years. Friends or family will decide to buy a single RAID solution for backup and configure it to write files across the disks for performance because they don't know any better. Four years later they'll come to me because something happened to the array like a failed or corrupted controller NVRAM and they want to recover the files. For backup I recommend mirrored single individual spinning disks, preferably in multiple locations.
* When random bytes are desired, they are obtained by taking the SHA
* hash of the contents of the "entropy pool". The SHA hash avoids
* exposing the internal state of the entropy pool. It is believed to
* be computationally infeasible to derive any useful information
* about the input of SHA from its output. Even if it is possible to
* analyze SHA in some clever way, as long as the amount of data
* returned from the generator is less than the inherent entropy in
* the pool, the output data is totally unpredictable. For this
* reason, the routine decreases its internal estimate of how many
* bits of "true randomness" are contained in the entropy pool as it
* outputs random numbers.
*
* If this estimate goes to zero, the routine can still generate
* random numbers; however, an attacker may (at least in theory) be
* able to infer the future output of the generator from prior
* outputs. This requires successful cryptanalysis of SHA, which is
* not believed to be feasible, but there is a remote possibility.
* Nonetheless, these numbers should be useful for the vast majority
* of purposes.
This is the same old story. /dev/urandom is what you should use, unless you believe that the hash function is broken
Pony! Seems like a very interesting language that doesn't get much exposure. Predictable GC, fine grained capabilities, actor model (concurrent by default), no deadlocks etc.
But not anything underneath, including getRandomValues(), as you write. A recent issue about this [1] on the WebCrypto spec itself was closed with 'wontfix' because in their view, polyfilling web APIs is a common and accepted practice.
IANAL, and can't profess to any knowledge whatsoever of Danish law, but opening a package clearly addressed to someone else without permission may be reasonable grounds for litigation.
Though to the question "what good will that do", you're right, it's not like new health records can be issued.
Depending on the details of what was shared and what ties them to an individual though, I suppose it might be possible to issue new IDs.
So? An unencrypted CD was accessible for a time period to a third party. It's good security practice to consider the data to be compromised. Especially a powerful, malicious actor will put in effort to make it appear that this is not the case.
If anything, this requires a severe audit of the security practices of the affected organisations. Moreover, I think citizens of Denmark are entitled to know what information about their personal health records is leaked.
