On Fri, Oct 31, 2025 at 11:25 AM Greg Sabino Mullane <[email protected]> wrote:
> On Fri, Oct 31, 2025 at 10:54 AM Bruce Momjian <[email protected]> wrote:
>
>> Disk-level and partition-level encryption typically encrypts
>> the entire disk or partition using the same key, with all data
>> automatically decrypted when the system runs or when an authorized
>> --> user requests it. For this reason, disk-level encryption is not
>> --> appropriate to protect stored PAN on computers, laptops, servers,
>> storage arrays, or any other system that provides transparent
>> decryption upon user authentication.
>>
>
> Hmm, I read this a few times but still not sure what the technical
> objection is. Yes, the entire disk is encrypted with the same key, but why
> is that insufficient to protect things? Anyone care to guess what they are
> thinking here?
>

Networking. Who breaks into a DC and steals a rack of disks or SSDs? Very, very few evil-doers. Who hacks into networks and exfiltrates data over the wire? Many hackers.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
