Comment on Encrypting without full disk encryption question
Passerby6497@lemmy.world 1 month agoOn my TODO list I also have to implement some sort of notification to get an alert when the decryption key is fetched from internet.
Why is it fetchable by arbitrary IPs from the internet? I’d think you’d lock it down to an IP/only make it available locally.
lorentz@feddit.it 1 month ago
The decryption key is more than 20 random character, so if you get only half of it is not a biggie and it doesn’t look like anything interesting.
It is on the internet mostly because I don’t have anything else to host it locally. But I see some benefit: I wanted for the server to be available immediately after a power failure. If it fetches the key from internet I just need for the router to be online, if it fetches it from the local network I need another server running unencrypted disk.
shroomato@lemmy.world 1 month ago
Most cloud providers have some kind of firewall that allows to configure a resource being accessible only from certain IP addresses. Worth it to set to your home IP address, as long as it’s static.
lorentz@feddit.it 1 month ago
Good point, I’ll add it on my TODO list