|
|
|
|
|
|
by mkl
806 days ago
|
|
|
I think the idea is that the server immediately encrypts your data with a key you provide, deletes your key, and keeps your data encrypted at rest. You're trusting the server to do the last two things, like with client-side encryption you're trusting the server to send you non-compromised encryption code and to not exfiltrate your key. This seems much more equivalent, and in either case a compromised server can get your data as soon as you next access it. |
|
|