Gareth79 t1_izdnln2 wrote

4

happyscrappy t1_izeszqq wrote

No. I'm not.

They whiten data because if you don't, if the data has far more 0s than 1s (or vice versa) then it creates a local imbalance in charge level on the disk (or NAND sector). If the local imbalance is large enough it affects other data nearby (that's how magnetic fields work).

So as I said, all data is encrypted at rest now. So, as is nearly always the case for security, the real question comes down to key management, not "whether it's encrypted".

E2E would mean that the keys are generated by the client each time it connects. And then presumably it is not written down (it better not be). So no one can steal drives and end up with the keys.

Is this the case for your idea of putting other encryption at rest on top but without E2E? Is it adding appreciable security?

1