[ozlikethewizard]

Encrypting data at rest is security theatre right? Unless consumers control the keys (which they generally dont want to), the keys will have to be accessible by the system storing the data. So if the system is compromised so are the keys? Like I cannot see the security benefits from encrypting data at rest in a non E2E system.

[rkangel]

It's a whole lot easier to store the keys in a special hardened location than it is to store your whole storage.

[ozlikethewizard]

Right but access to those keys will be available in an unhardened location then? Otherwise you're serving encrypted data. So if the system accessing the data and using the keys is compromised, which we can assume is the case if the data is compromised, then access to the keys is as well?

Maybe I'm being an idiot but it seems like a lot of extra complexity to protect against really only physical attacks where someone directly steals the data storage.

[winstonwinston]

> to protect against really only physical attacks where someone directly steals the data storage.

Yes, physical access poses a significant risk to data security, it should not be ignored.

[ozlikethewizard]

Aren't we legislating the wrong problem here then though? I'd argue prioritising the physical security of your drives over encrypting them is a better aim for services. As if someone can physically steal your drives they've still DOSed your system even if they cannot accesd the content.