> On 15 Mar 2015, at 22:58, Garrett D'Amore via smartos-discuss > <[email protected]> wrote: > > In that case you must use application layer encryption. You cannot rely upon > the OS since keying material passed via the OS may be in the hands of the > admin. If you are using client devices you should encrypt at the device not > at the server. > > Sent from my iPhone > > On Mar 15, 2015, at 1:27 PM, Günther Alka via smartos-discuss > <[email protected]> wrote: > >> Edward Snowden shows us that >> >> - you must care about your data. always, everywhere >> - must not allow any admin to see your data >> - must use end to end encryption (do not trust your provider, you need a >> personal key) >> - you cannot lock out NSA & Co, but most others (and NSA needs a lot of >> efforts if any data is end-user encrypted) >> - any effort is better than the current „all is open" >> >> even if you simply care about some business/private data without any >> criminal background >> >> >>> >>> IMNSHO, relying on the filesystem to encrypt data is far inferior to >>> encrypting >>> at the application. If you have something worth hiding, do not rely on >>> cleartext >>> at any infrastructure level. The guvmint routinely shows how they've >>> already >>> compromised those things we use to build infrastructure.
There's also the possibility of encrypting in the drives themselves. However as the NSA and friends have recently been discovered embedding their nefarious code inside drive firmware, this may be a bad approach. Chris ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
