encryption

Differences

This shows you the differences between two versions of the page.

encryption [2026/05/30 08:06] – created reidjs
encryption [2026/05/30 08:19] (current) reidjs
Line 14: Line 14:
 For encryption and decryption to work, both sides must agree on a standard/same algorithm. For encryption and decryption to work, both sides must agree on a standard/same algorithm.
  
-Popular standards are DES (data encryption standard) and AES (advanced encryption standard) as well as the size, e.g. 128 or 256 bits. +Popular standards are DES (data encryption standard) and AES (advanced encryption standard) as well as the size, e.g. 128 or 256 bits to prevent brute force cracking techniques
  
 +As time goes on, and cracking techniques improve, sometimes we have to stretch keys, i.e., re-hash a key over and over to maintain security
  
 +Trusted Module Platform (TPM): 
 +  * - spec for crypto methods
 +  * - persistent memory - the keys are burned in 
 +  * - encryption for a single device
  
 +
 +in a data center, you would need a hardware security modulate (HSM):
 +  * - used in large environments, clusters
 +  * - security stores thousands of crypto keys
 +  * - may have a component that's specifically designed to perform cryptographic functions 
 +
 +
 +Key Management System (KMS)
 +  * Manage all keys from single console 
 +  * Keeps keys separate from data you are trying to protect
 +  * all keys are managed in one console
 +  * logs key use and important events
 +  * rotate keys on regular intervals 
 +  * May track things like keys used for SSH access, SSL keys for servers
 +
 +Secure Enclave
 +  * a protected area for secrets
 +  * isolated from main processor
 +  * performs AES encyption on hardware, monitors system boot process
 +  * root crypto keys 
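Review bot: The changed sentence on DES and AES now reads as if the listed sizes, "128 or 256 bits", are what prevent brute force for both standards, but those sizes apply to AES only; DES uses a 56-bit key, which is within brute-force reach, so it should be described as a legacy standard rather than listed beside AES as a current choice. The key-stretching line should say what is being re-hashed and why: stretching is normally applied to a password or other low-entropy secret so that each guess costs more, and the iteration count is raised as hardware gets faster. Naming fixes in the added sections: "Trusted Module Platform" should be "Trusted Platform Module", "hardware security modulate" should be "hardware security module", and "encyption" should be "encryption". The KMS list states the single-console point twice ("Manage all keys from single console" and "all keys are managed in one console"); drop one. The TPM and HSM items use "* -", which will render a stray hyphen inside each bullet.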
encryption.1780153573.txt.gz · Last modified: by reidjs