it hurts my eyes a little that some comments bring up disk encryption. maybe i am reading it all wrong, and maybe everyone knows this but i just want to say.
disk encryption protects against 'stolen disk'. or 'usb boot'. and such attacks, where the disk attacked is 'offline'. not loaded and unlocked by the OS and user that owns it.
if the OS is running and the usermode is compromised, it does nothing. it's transparently decrypted for the user.
this means, you need further encryption, preferably unlocked through providing a secret, to secure against 'online' attacks. attacks where your user is compromised, and offline encryption schemes are bypassed already.
please let's try to remember this distinction in 2025, and perhaps even consider the confused deputies etc. too.
the knowledge and tools to prevent this stuff are available. please :(.
and yes, this also goes for full database encryption. it's 90% the same.
sim7c00•1d ago