Security notes / data-at-rest encryption

From Helpful


This article/section is a stub — some half-sorted notes, not necessarily checked, not necessarily correct. Feel free to ignore, or tell me about it.

Data at rest, or data in flight

Encryption generally protects either data only at rest, or data only in flight (e.g. HTTP / TLS).


Why not both? While you could base both on much the same underlying code, they serve different purposes, and their practicalities differ enough, both in the security and privacy implications and in how to use them well for those purposes, that you might as well treat them as two different specializations.



On hard drive encryption

What does it do? What does it not do? How strong is its guarantee?
Do I need it?

For a practical view, see Security notes - security for the everyday person

Practical side
A note on speed
Technical side
Drive encryption and TPM

Online encrypted storage

File encryption

User account encryption