Security notes / Encryption notes: Difference between revisions

From Helpful
m No edit summary
Line 5: Line 5:


<!--
<!--
We really ought not to say just "encryption",
because there are distinct types that, in a very mechanical sense,
: have completely different uses, and
: have completely different challenges when it comes to ''making'' them secure at all,
: have completely different challenges to ''keeping'' things secure over time.
And when we say 'different', we mean both
: theoretically distinct (e.g. at-rest encryption versus encrypted transfers; symmetry versus asymmetry; the math of key exchange)
: and practically distinct (encrypted connections based on managing keys, versus public key infrastructure)


'''Data-at-rest encryption''' mostly refers to encrypting files, partitions, or entire drives.
'''Data-at-rest encryption''' mostly refers to encrypting files, partitions, or entire drives.


Data-at-rest encryption is great for peace of mind around theft of the hardware.
Usually: once it's powered off, it is unusable until a specific action/secret is given


It does absolutely nothing to keeping that data private while it is in a usable state.
Data-at-rest encryption is great for peace of mind around theft of hardware.


It does absolutely nothing to keeping that data private while in transit.
But it applies only to local storage while powered off:
* It does absolutely nothing to keeping that data private while it is in a usable state
 
* It does absolutely nothing to keeping that data private while in transit.




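Review bot: the rewrite of the data-at-rest paragraph drops the old line "Usually: once it's powered off, it is unusable until a specific action/secret is given", which was the only sentence stating what the protection actually consists of; the new lead-in "But it applies only to local storage while powered off:" gives the limit without the mechanism, so consider keeping that sentence ahead of the bullet list. Separately, this hunk places the new text inside an HTML comment opened by `<!--` with no closing `-->` visible in the diff; confirm the comment is closed further down so the note does not swallow the rest of the page.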
Line 22: Line 36:
This is great great when you don't trust the network you're communicating on - and when in doubt, you shouldn't -  
This is great great when you don't trust the network you're communicating on - and when in doubt, you shouldn't -  


Yet it's only responsible for protection in transit.
But it applies only to transit:
 
* It does absolutely nothing to keeping that data private while/once on the endpoints that are communicating.
It does absolutely nothing to keeping that data private while/once on the endpoints that are communicating.


* It stops when once that data makes it to the other endpoint; it says nothing about what those endpoints ''then'' decide to do with that data





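Review bot: the added bullet "It stops when once that data makes it to the other endpoint" has a leftover "when once"; one of the two words should go. The unchanged context line "This is great great when you don't trust the network" also doubles "great", worth fixing while this section is being edited.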
Revision as of 13:52, 6 December 2023