encryption
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| encryption [2026/05/30 08:06] – reidjs | encryption [2026/05/30 08:19] (current) – reidjs | ||
|---|---|---|---|
| Line 16: | Line 16: | ||
| Popular standards are DES (data encryption standard) and AES (advanced encryption standard) as well as the size, e.g. 128 or 256 bits to prevent brute force cracking techniques. | Popular standards are DES (data encryption standard) and AES (advanced encryption standard) as well as the size, e.g. 128 or 256 bits to prevent brute force cracking techniques. | ||
| + | As time goes on, and cracking techniques improve, sometimes we have to stretch keys, i.e., re-hash a key over and over to maintain security | ||
| + | Trusted Module Platform (TPM): | ||
| + | * - spec for crypto methods | ||
| + | * - persistent memory - the keys are burned in | ||
| + | * - encryption for a single device | ||
| + | |||
| + | in a data center, you would need a hardware security modulate (HSM): | ||
| + | * - used in large environments, | ||
| + | * - security stores thousands of crypto keys | ||
| + | * - may have a component that's specifically designed to perform cryptographic functions | ||
| + | |||
| + | |||
| + | Key Management System (KMS) | ||
| + | * Manage all keys from single console | ||
| + | * Keeps keys separate from data you are trying to protect | ||
| + | * all keys are managed in one console | ||
| + | * logs key use and important events | ||
| + | * rotate keys on regular intervals | ||
| + | * May track things like keys used for SSH access, SSL keys for servers | ||
| + | |||
| + | Secure Enclave | ||
| + | * a protected area for secrets | ||
| + | * isolated from main processor | ||
| + | * performs AES encyption on hardware, monitors system boot process | ||
| + | * root crypto keys | ||
encryption.1780153601.txt.gz · Last modified: by reidjs