[Novalug] encryption at rest on a virtual server for a virtual drive

Brandon Saxe brandon20va@yahoo.com
Wed Sep 11 12:54:13 EDT 2013


Right. 

Once one is on the machine, the next level would be to encrypt/decrypt files as needed. This would be tailored to end user program use cases, e.g. opening a spreadsheet. For these, I would use an external device for my keys (my cell phone in yet another encrypted container). 

It would probably also be possible to double encrypt data using both a key from an escrow server and then encrypting the encrypted copy again with a key on the physical device. No single key can access the data. This is similar to the idea of two different launch keys for nukes (war games fan). 

You could also go crazy and just encrypt over and over again and distribute the keys. I call this the horcrux method (harry potter). 

The levels of sophistication for a solution should vary per use case. Trying to apply a single mechanism to all encryption problems would be a waste of time and energy. 

Take a catalog of your stuff. Identify the level of security you need. Assess the likelihood and impact and apply the most pragmatic solution to each case. 

Sent from Yahoo! Mail on Android

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20130911/0abeaf6d/attachment.htm>


More information about the Novalug mailing list