Security notes / Encryption notes: Difference between revisions
mNo edit summary |
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{#addbodyclass:tag_security}} | |||
{{#addbodyclass:tag_tech}} | |||
{{SecurityRelated}} | |||
==data-at-rest encryption versus encrypted transfers== | ==data-at-rest encryption versus encrypted transfers== | ||
Line 5: | Line 7: | ||
<!-- | <!-- | ||
We really ought not to say just "encryption", | |||
because there are distinct types that, in a very mechanical sense, | |||
: have completely different uses, and | |||
: have completely different challenges when it comes to ''making'' them secure at all, | |||
: have completely different challenges to ''keeping'' things secure over time. | |||
And when we say 'different', we mean both | |||
: theoretically distinct (e.g. at-rest encryption versus encrypted transfers; symmetry versus asymmetry; the math of key exchange) | |||
: and practically distinct (encrypted connections based on managing keys, versus public key infrastructure) | |||
'''Data-at-rest encryption''' mostly refers to encrypting files, partitions, or entire drives. | '''Data-at-rest encryption''' mostly refers to encrypting files, partitions, or entire drives. | ||
Usually: once it's powered off, it is unusable until a specific action/secret is given | |||
Data-at-rest encryption is great for peace of mind around theft of hardware. | |||
It does absolutely nothing to keeping that data private while in transit. | But it applies only to local storage while powered off: | ||
* It does absolutely nothing to keeping that data private while it is in a usable state | |||
* It does absolutely nothing to keeping that data private while in transit. | |||
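Review bot: the new line "Usually: once it's powered off, it is unusable until a specific action/secret is given" draws the boundary at power state, but the new bullet "while it is in a usable state" shows the actual boundary is whether the volume is unlocked; suggest "once the volume is locked (unmounted, or the machine is off), it is unreadable until the passphrase or key is supplied" so the two statements agree with each other and with "But it applies only to local storage while powered off". Also "does absolutely nothing to keeping" in both new bullets reads awkwardly; "does nothing toward keeping" or "does nothing to keep" is cleaner.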
Line 22: | Line 38: | ||
This is great great when you don't trust the network you're communicating on - and when in doubt, you shouldn't - | This is great great when you don't trust the network you're communicating on - and when in doubt, you shouldn't - | ||
But it applies only to transit: | |||
* It does absolutely nothing to keeping that data private while/once on the endpoints that are communicating. | |||
It does absolutely nothing to keeping that data private while/once on the endpoints that are communicating. | |||
* It stops when once that data makes it to the other endpoint; it says nothing about what those endpoints ''then'' decide to do with that data | |||
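Review bot: "It stops when once that data makes it to the other endpoint" has a redundant "when once"; drop one of them. The unchanged context line above still reads "This is great great when you don't trust the network", a doubled word worth fixing in the same edit. The new "But it applies only to transit:" lead-in mirrors the "applies only to local storage" lead-in of the at-rest section, which makes the contrast between the two kinds of encryption read clearly.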
Line 59: | Line 75: | ||
Particularly phones are better than that, but you shouldn't assume it. | Particularly phones are better than that, but you shouldn't assume it. | ||
--> | |||
<!-- | |||
==More theoretical== | |||
Homomorphic encryption | |||
https://en.wikipedia.org/wiki/Homomorphic_encryption | |||
--> | --> |
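Review bot: the new "==More theoretical==" block is a bare Wikipedia link with no description; even inside a comment, a one-line gloss helps whoever later expands it, for example "Homomorphic encryption: computing on ciphertext so that the (still encrypted) result decrypts to the result of the same computation on the plaintext, letting a party process data it cannot read."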
Revision as of 16:26, 20 April 2024