



Usually we focus on SSL/TLS and its role in encryption in-transit. However, equally worth understanding is encryption at-rest. While encryption in-transit (also called in-flight) focuses on secure transmission via an insecure channel, both the sending and receiving endpoints have access to the information in the clear. In contrast, encryption at-rest encrypts data sitting on a hard drive. This protects against physical theft, or an attacker who has already compromised the machine on which the data resides. Arbitrary data is treated as plaintext and encrypted into ciphertext. A key, a passphrase, or both are required to return the data to a readable state. Encryption at-rest can be applied to an entire drive or volume, such as with Microsoft's BitLocker, or it can be applied more granularly to specific files.
