undefined | Better HN

0 pointsjiggawatts4mo ago0 comments

This is why I always shake my head when the Reddit armchair security experts say "The data wasn't even encrypted!? Amateur hour!" in response to some PII leak.

Sure, sure buddy, I'll encrypt all of my PII data so nobody can access it... including the web application server.

Okay, fine, I'll decrypt it on the fly with a key in some API server... now the web server had unencrypted access to it, which sounds bad, but that's literally the only way that it can process and serve the data to users in a meaningful way! Now if someone hacks the web app server -- the common scenario -- then the attacker has unencrypted access!

I can encrypt the database, but at what layer? Storage? Cloud storage is already encrypted! Backups? Yeah, sure, but then what happens in a disaster? Who's got the keys? Are they contactable at 3am?

Etc, etc...

It's not only not as simple as ticking an "encrypted: yes" checkbox, it's maximally difficult, with a very direct tradeoff between accessibility and protection. The sole purpose of encrypting data is to prevent access!

0 comments

londons_explore4mo ago

I like the approach of mega.nz...

Server stores encrypted blobs. Server doesn't have the keys.

  Entire application is on the client, and just downloads and decrypts what it needs.

Obviously your entire application stack needs to be developed with that approach in mind, and some things like 'make a hyperlink to share this' get much more complex.

dh20224mo ago

Re: encrypting data that would be served via web server: why would anyone bother to encrypt data meant to be shared externally worldwide? It makes no sense to begin with…

1 more reply

Terr_4mo ago

Nah bro, you just gotta use homomorphic encryption! /s

That said, encryption at rest is still good in terms of theft or mis-disposal.

j / k navigate · click thread line to collapse