Friendly reminder. Full disk encryption on a server you have no physical access to grants you no security; same for your laptop if you carry it around in sleep mode. FDE protects your data at rest, as from a cold boot you need to provide the passphrase. If your box is running, the secret is present in memory and can be grabbed by a dedicated attacker.

For the same reason, when approaching border control, TURN OFF your phone; just locking the screen is often not enough.

@mulander Perhaps FDE on cloud servers could be useful in case the company's servers are hacked?

Guess it depends on where they're storing the keys though, yeah. Any sophisticated enough hack would also make sure to get the keys. I kinda always laugh when I see this option on AWS.