Re: Enquiry about TDE with PgSQL - Mailing list pgsql-general

From Ron Johnson
Subject Re: Enquiry about TDE with PgSQL
Date
Msg-id CANzqJaC378Dt92YCPuuj_eWTY=wE0RQJoMM84gtsX_4mtm156g@mail.gmail.com
In response to Re: Enquiry about TDE with PgSQL  (Greg Sabino Mullane <htamfids@gmail.com>)
List pgsql-general
On Fri, Oct 31, 2025 at 11:25 AM Greg Sabino Mullane <htamfids@gmail.com> wrote:
> On Fri, Oct 31, 2025 at 10:54 AM Bruce Momjian <bruce@momjian.us> wrote:
>         Disk-level and partition-level encryption typically encrypts
>         the entire disk or partition using the same key, with all data
>         automatically decrypted when the system runs or when an authorized
> -->     user requests it. For this reason, disk-level encryption is not
> -->     appropriate to protect stored PAN on computers, laptops, servers,
>         storage arrays, or any other system that provides transparent
>         decryption upon user authentication.
>
> Hmm, I read this a few times but still not sure what the technical objection is. Yes, the entire disk is encrypted with the same key, but why is that insufficient to protect things? Anyone care to guess what they are thinking here?

Networking.

Who breaks into a DC and steals a rack of disks or SSDs?  Very, very few evil-doers.
Who hacks into networks and exfiltrates data over the wire?  Many hackers.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
