Comment on what are you all doing for secure DMS?
cooopsspace@infosec.pub 1 year ago
This has been exceptionally done to death on Reddit but I’ll say it here too.
In app encryption offers no security because the encryption key is stored in RAM and likely a database entry that must be unencrypted.
So the Devs are 100% correct in stating that it gives people a false sense of security to offer it as a feature.
Best bet is to have an encrypted filesystem or alternative encrypted storage buuuut, also understand that encryption key is also stored in RAM.
TLDR: There is no point in Devs offering in app encryption when you should already be encrypting the filesystem.
pianoplant@lemmy.world 1 year ago
Thank you, very helpful! And also thanks for putting this info on lemmy :) I figured asking the question here was a good way to get some of that insight here.