| From: | Ron Johnson <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Enquiry about TDE with PgSQL |
| Date: | 2025-10-31 15:34:45 |
| Message-ID: | CANzqJaC378Dt92YCPuuj_eWTY=wE0RQJoMM84gtsX_4mtm156g@mail.gmail.com |
| Lists: | pgsql-general |
On Fri, Oct 31, 2025 at 11:25 AM Greg Sabino Mullane <htamfids(at)gmail(dot)com>
wrote:
> On Fri, Oct 31, 2025 at 10:54 AM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>
>> Disk-level and partition-level encryption typically encrypts
>> the entire disk or partition using the same key, with all data
>> automatically decrypted when the system runs or when an authorized
>> --> user requests it. For this reason, disk-level encryption is not
>> --> appropriate to protect stored PAN on computers, laptops, servers,
>> storage arrays, or any other system that provides transparent
>> decryption upon user authentication.
>>
>
> Hmm, I read this a few times but still not sure what the technical
> objection is. Yes, the entire disk is encrypted with the same key, but why
> is that insufficient to protect things? Anyone care to guess what they are
> thinking here?
>
Networking.
Who breaks into a DC and steals a rack of disks or SSDs? Very, very few
evil-doers.
Who hacks into networks and exfiltrates data over the wire? Many hackers.
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!