@mckinley@twtxt.net Yeah, that’s more clear. 👌
Systems that are on all the time don’t benefit as much from at-rest encryption, anyway.
Right, especially not if it’s “cloud storage”. 😅 (We’re only doing it on our backup servers, which are “real” hardware.)
@movq@www.uninformativ.de § after we pass the key over to the GOV cloud for our protection.
@movq@www.uninformativ.de § after we pass the key over to the GOV cloud for our protection.
@xuu@txt.sour.is I’ve seen worse. Companies that sell customers “data security” and tell you they split the key into 3 parts. They tell you there’s no way they can ever see the full key because you have one third, they have the 2nd third and their trusted “3rd-party” has the other third (which they have access to for backup reasons).
🤦♂️ wtf 😳
@prologic@twtxt.net that would work if it was using shamir’s secret sharing .. although i think its typically 3 of 5 so you get 3, one to the company, and one to the “third party”. so you can recover all you want.. but if the company or 3rd wants to they need one of your 3 to recover.
but still .. if they are providing them then whats the point of trusting they don’t have copies.
@prologic@twtxt.net that would work if it was using shamir’s secret sharing .. although i think its typically 3 of 5 so you get 3, one to the company, and one to the “third party”. so you can recover all you want.. but if the company or 3rd wants to they need one of your 3 to recover.
but still .. if they are providing them then whats the point of trusting they don’t have copies.