Yarn

Recent twts in reply to #ypvbypa

@mckinley@twtxt.net Yeah, that’s more clear. 👌

Systems that are on all the time don’t benefit as much from at-rest encryption, anyway.

Right, especially not if it’s “cloud storage”. 😅 (We’re only doing it on our backup servers, which are “real” hardware.)

⤋ Read More

Right, especially not if it’s “cloud storage”.

Errrr, what I meant here: It’s not useful if “the cloud” manages the key. You know, those little check boxes at Google or Azure, “encrypt this storage and generate a key for me” …

⤋ Read More

@xuu I’ve seen worse. Companies that sell customers “data security” and tell you they split the key into 3 parts. They tell you there’s no way they can ever see the full key because you have one third, they have the 2nd third and their trusted “3rd-party” has the other third (which they have access to for backup reasons).

🤦‍♂️ wtf 😳

⤋ Read More

@prologic@twtxt.net that would work if it was using shamir’s secret sharing .. although i think its typically 3 of 5 so you get 3, one to the company, and one to the “third party”. so you can recover all you want.. but if the company or 3rd wants to they need one of your 3 to recover.

but still .. if they are providing them then whats the point of trusting they don’t have copies.

⤋ Read More

Participate

Login to join in on this yarn.