Commit 53947dc8 authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻
Browse files

Added limitations based on page from cryptops docs

parent 3a917221
......@@ -142,21 +142,21 @@
End points:
\item GET /encryption
\item POST /encryption/init
\item POST /encryption/remove
\item POST /encryption/unlock
\item POST /encryption/selfdestruct
\item \texttt{GET} /encryption
\item \texttt{POST} /encryption/init
\item \texttt{POST} /encryption/remove
\item \texttt{POST} /encryption/unlock
\item \texttt{POST} /encryption/selfdestruct
\item GET /encryption/keys
\item POST/PUT /encryption/keys/{slot}
\item DELETE /encryption/keys/{slot}
\item \texttt{GET} /encryption/keys
\item \texttt{POST/PUT} /encryption/keys/{slot}
\item \texttt{DELETE} /encryption/keys/{slot}
\item GET /ssh/keys
\item POST/PUT /ssh/keys/
\item DELETE /ssh/keys/{key}
\item \texttt{GET} /ssh/keys
\item \texttt{POST/PUT} /ssh/keys/
\item \texttt{DELETE} /ssh/keys/{key}
......@@ -171,11 +171,48 @@
\begin{frame}{Possible reasons to use CryptOps}
\item Make it harder for hoster to view your data on disk
\item An easy way to cut off hoster's access to your data
% maybe when they change owners, or when you anticipate that they are
% forced by some authority to grant access to your data.
\item Be safe when hoster's disks get confiscated, stolen, or discarded
without shredding.
\item You want your data to be encrypted at rest.
\begin{frame}{\emph{Invalid} reasons to use CryptOps}
\item No trust in hoster, because they can:
\item Install a modified version of CryptOps that doesn't really encrypt
\item Man-in-the-middle your ssh connection to the server running in the
initrd, capturing your encryption password when you enter it
\item Access your data in memory while your vps is active
\item Various other methods
\begin{frame}{Possible reasons \emph{not} to use CryptOps}
\item Increased chance of data loss by losing password
\item Increased downtime of your vps (locked state)
\item Some applications support encryption
% which may be the more convenient choice for your data security
\item App for unlocking? Sky is the limit with the API
\item Encrypted RAM?
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment