On 12/28/2016 4:16 PM, jesusthefrog wrote:
data really should be encrypted at the end point it originates and only decrypted at the end point where it's used. yes, this presents all sorts of annoying issues for everything in between, but anything less is false security.

the problem with full disk encryption, as long as the volume is mounted, the data is visible as the encryption keys are loaded at boot or mount time. the only threat model FDE protects against is physical theft of the server.
-- john r pierce, recycling bits in santa cruz