Security notes / data-at-rest encryption

From Helpful
Jump to navigation Jump to search
Security related stuff.


Theory / unsorted

how to do a login system badly
data-at-rest encryption ·pre-boot authentication
encrypted connections
This article/section is a stub — probably a pile of half-sorted notes and is probably a first version, is not well-checked, so may have incorrect bits. (Feel free to ignore, or tell me)

Data at rest, or data in flight

Encryption generally protects either data only at rest, or data only in flight (e.g. HTTP / TLS).

Why not both? While you could base both on much the same underlying code, they are different purposes, and have practicalities different enough in the security and privacy implications, and how to use them well for those purposes. You might as well have two different specializations.

On hard drive encryption

Do I need it?

For a practical view, see Security notes - security for the everyday person

Practical side
A note on speed
Techical side
Drive encryption and TPM

File encryption

User account encryption