Re: [dev] Disk encryption
On Thu, Jun 16, 2022 at 11:20 AM an2qzavok <an2qzavok_AT_gmail.com> wrote:
> >do not roll your own crypto
> I believe this refers only to inventing your own algorithm, just
> writing your own implementation of existing and tested algorithms is
> fine.
I've heard it in both contexts. The more popular context I've heard it
said in is re-writes. I presume because they're more approachable. What
I've understood from industry as the basis for this is that you may
forgo protections in your re-write that you didn't understand or
recognize, but are necessary. Efforts towards side-channel resistance in
the original library may be written off as bloat.
My stance is do what ever makes you happy and betters your
understanding, but make it easily discernable which projects are tested
to be hardened and which are not.
Telling people not to do something, or convincing them you are the only
one capable usually stems from weakness.
> Though, is encrypted root partition even desirable?
> Since it only keeps your data safe when your machine is powered off, I
> always thought of system disk encryption as snake oil at worst and at
> best just not worth the effort.
I've been saved on many occasions by not having an encrypted drive and
being able to side-load my fs.
On Thu, Jun 16, 2022 at 11:20 AM an2qzavok <an2qzavok_AT_gmail.com> wrote:
>
> >do not roll your own crypto
> I believe this refers only to inventing your own algorithm, just
> writing your own implementation of existing and tested algorithms is
> fine.
>
> Though, is encrypted root partition even desirable?
> Since it only keeps your data safe when your machine is powered off, I
> always thought of system disk encryption as snake oil at worst and at
> best just not worth the effort.
>
Received on Thu Jun 16 2022 - 21:06:20 CEST
This archive was generated by hypermail 2.3.0
: Thu Jun 16 2022 - 21:36:10 CEST