Security notes / data-at-rest encryption: Difference between revisions

From Helpful
mNo edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{#addbodyclass:tag_tech}}
{{#addbodyclass:tag_security}}
{{SecurityRelated}}
{{SecurityRelated}}


Line 17: Line 19:
====On hard drive encryption====
====On hard drive encryption====


=====Do I need it?=====
=====What does it do? What does it not do? How strong is its guarantee?=====
For a practical view, see [[Security notes - security for the everyday person]]
 
<!--
Annoyingly, this term now refers to a few completely distinct flavours of solution.


=====Practical side=====
Each has different guarantees, including but not limited to


<!--
There are a few flavours of disk encryption, including
There are a few flavours of disk encryption, including
* "enter password at boot to decrypt disk"
* "enter password at boot to decrypt disk"
: means the entire computer is unusable without a master password
: means the entire computer is unusable without a master password
: decent against people taking your hardware (e.g. laptop)
: BUT does nothing while it is still powered on
* "[[enclavey stuff]] does it for you"
: great against against people stealing your storage but not your entire computer
: BUT does almost nothing if they steal the whole thing (e.g. laptop), or sit down at it (any)


* "TPM does it for you"


* "protecting smaller portions at a time", e.g. a partition
* "protecting smaller portions at a time", e.g. a partition
Line 33: Line 42:
: can also be tied to TPM, other hardware, or be purely software
: can also be tied to TPM, other hardware, or be purely software
: User account encryption, on systems that allow it, has varied meaning and is its own topic
: User account encryption, on systems that allow it, has varied meaning and is its own topic
: great to add some secrecy without a complete reinstall
: BUT may have some practical footnotes (e.g. "everybody could access until I close it / reboot the thing")
-->
=====Do I need it?=====
For a practical view, see [[Security notes - security for the everyday person]]


=====Practical side=====
<!--




Line 272: Line 294:


-->
-->


====Online encrypted storage====
====Online encrypted storage====

Latest revision as of 00:27, 21 April 2024


This article/section is a stub — some half-sorted notes, not necessarily checked, not necessarily correct. Feel free to ignore, or tell me about it.

Data at rest, or data in flight

Encryption generally protects either data only at rest, or data only in flight (e.g. HTTP / TLS).


Why not both? You could build both on much the same underlying code, but they serve different purposes, and the practicalities (the security and privacy implications, and how to use each well for its purpose) differ enough that you might as well treat them as two separate specializations.
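As an added illustration of the at-rest half of that split (example code written for these notes, not something from this wiki or from any disk-encryption product), the Go program below models a passphrase-protected container the way full-disk and partition encryption behaves in practice. `Seal` writes the on-disk image; `Open` is the offline path, where the image alone is useless without the passphrase and any modified byte is rejected rather than decrypted to garbage; the toy `Volume` type shows the other side: once unlocked on a running system, `Read` hands the data to any caller without asking for anything, which is why this kind of encryption answers theft of a powered-off device and not an attacker who can reach the live machine. The names `Seal`, `Open`, `Volume`, the image layout, the PBKDF2 iteration count and the sample secret are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Image layout: salt || nonce || ciphertext || tag. The iteration count is illustrative only.
const saltLen, nonceLen, keyLen, tagLen, iterations = 16, 12, 32, 16, 20_000
const headerLen = saltLen + nonceLen
// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018) in plain stdlib; real deployments use scrypt/Argon2 tuned per device.
func pbkdf2SHA256(passphrase, salt []byte, iter, dkLen int) []byte {
	out := make([]byte, 0, dkLen)
	for block := uint32(1); len(out) < dkLen; block++ {
		mac := hmac.New(sha256.New, passphrase)
		mac.Write(salt)
		mac.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := mac.Sum(nil)              // U1
		t := append([]byte(nil), u...) // T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}
// aeadFor derives AES-256-GCM from passphrase and salt; both constructors are infallible for a 32-byte key.
func aeadFor(passphrase string, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, iterations, keyLen))
	aead, _ := cipher.NewGCM(block)
	return aead
}
// Seal produces what sits on disk; the header is authenticated as associated data, so a swapped salt/nonce fails to open.
func Seal(passphrase string, plaintext []byte) ([]byte, error) {
	header := make([]byte, headerLen)
	if _, err := rand.Read(header); err != nil {
		return nil, err
	}
	aead := aeadFor(passphrase, header[:saltLen])
	return aead.Seal(append([]byte(nil), header...), header[saltLen:], plaintext, header), nil
}

// openWith decrypts with an already-derived key; callers guarantee a well-formed image.
func openWith(aead cipher.AEAD, img []byte) ([]byte, error) {
	pt, err := aead.Open(nil, img[saltLen:headerLen], img[headerLen:], img[:headerLen])
	if err != nil {
		return nil, errors.New("authentication failed: wrong passphrase or modified image")
	}
	return pt, nil
}

// Open is the offline path: whoever holds the image still needs the passphrase.
func Open(passphrase string, img []byte) ([]byte, error) {
	if len(img) < headerLen+tagLen {
		return nil, errors.New("image too short")
	}
	return openWith(aeadFor(passphrase, img[:saltLen]), img)
}

// Volume models a disk or partition container as the running system sees it: image always present, key resident only once unlocked.
type Volume struct {
	Image []byte      // the on-disk bytes, all a thief of the powered-off device has
	aead  cipher.AEAD // nil while locked
}

// Unlock is the "enter password at boot" step; on success the key stays resident.
func (v *Volume) Unlock(passphrase string) error {
	aead := aeadFor(passphrase, v.Image[:saltLen])
	if _, err := openWith(aead, v.Image); err != nil {
		return err
	}
	v.aead = aead
	return nil
}

// Read is what any process on the running, unlocked system can do: no passphrase is asked for, so the encryption no longer protects the data from it.
func (v *Volume) Read() ([]byte, error) {
	if v.aead == nil {
		return nil, errors.New("volume is locked: no key in memory")
	}
	return openWith(v.aead, v.Image)
}

func main() {
	img, _ := Seal("correct horse battery staple", []byte("payroll.csv: alice,91000")) // constructed sample
	v := &Volume{Image: img}
	_, locked := v.Read()
	_ = v.Unlock("correct horse battery staple")
	online, _ := v.Read()
	fmt.Printf("locked: %v\nunlocked, nothing asked for: %q\n", locked, online)
}
```

The two paths are the point: `Open` needs the passphrase every time and rejects any modified byte (including the salt and nonce, because the header is bound in as associated data), while `Read` on an unlocked `Volume` needs nothing at all. The per-file and per-partition flavours differ only in how much is behind one `Volume` and for how long it stays unlocked; the "nothing while powered on and unlocked" property is the same.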



On hard drive encryption

What does it do? What does it not do? How strong is its guarantee?
Do I need it?

For a practical view, see Security notes - security for the everyday person

Practical side
A note on speed
Technical side
Drive encryption and TPM

Online encrypted storage

File encryption

User account encryption