Comments
I'm not talking about passwords. One-way hashes belong in 1995. I'm talking about DATA. Does Office store what you type encrypted in memory? NO.
The original context of this thread is that encryption should be end-to-end so that the DATA is never unencrypted. I'm saying that's idiotic. That other guy never got it because idiots can't recognize themselves.
You are crazy and still talking nonsense. You're being told you're way off base so you're trying to change the story.
With the token talk, you seem to confuse encryption and authentication. You still need to treat the token/id and key safe, every API that's ever generated a key pair says so.
No, the context is that STORAGE can be at the same time LIVE (i.e. you can view videos, documents and use your wallet without the need to download the whole backup), REMOTE (the actual disk storage is remote, on a vm somewhere) and never unencrypted outside your device (i.e. no attacker at any point outside your device can decrypt the traffic, the storage, MITM it, whatever, without access to the keys on your device).
Also, it is idiotic to imagine that everyone can only run things live facing the public on a VM/dedi, there are storage VMs and even dedicated servers designed specifically for storage.
It's not only for these consumer applications, some software stacks have something similar to store the password encrypted. But the encryption keys are not encrypted, right?
Anyway, I think the confusion is because people are thinking of full disk encryption in the context of vps since this is lowendtalk, and full disk encryption is indeed useless in this context. Maybe it helps if someone steals the hard disks from a datacenter.
Yes, full disk encryption is useless, this is why I do not understand the people who need to insert a password to start a VM, leading to all sorts of issues.
You can, though, use it as remote encrypted storage you would mount remotely, no matter which virtualization, even containers.
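The property argued over above (storage that is remote and usable "live" while the VPS never holds a key), as an added example that is not part of any post in this thread. The dict `remote` standing in for the VPS disk, the 4096-byte block size and the HMAC-SHA256 keystream (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions made for the illustration.

```python
import hashlib, hmac, os

BLOCK = 4096  # plaintext bytes per block (constructed value)

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream; stdlib stand-in for AES-CTR/GCM.
    stream = b"".join(_prf(enc_key, nonce + i.to_bytes(8, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_block(master, idx, plaintext):
    """Runs on the client: returns nonce || ciphertext || tag for block idx."""
    enc_key, mac_key = _prf(master, b"enc"), _prf(master, b"mac")
    nonce = os.urandom(16)  # fresh for every write of a block
    ct = _xor_stream(enc_key, nonce, plaintext)
    # The tag covers the block index, so the remote cannot swap blocks around.
    tag = _prf(mac_key, idx.to_bytes(8, "big") + nonce + ct)
    return nonce + ct + tag

def open_block(master, idx, blob):
    """Runs on the client: verifies the tag, then decrypts one block."""
    enc_key, mac_key = _prf(master, b"enc"), _prf(master, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _prf(mac_key, idx.to_bytes(8, "big") + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        raise ValueError(f"block {idx}: authentication failed")
    return _xor_stream(enc_key, nonce, ct)

def upload(master, remote, data):
    """remote is a dict standing in for the VPS disk; it only gets sealed blocks."""
    for idx in range((len(data) + BLOCK - 1) // BLOCK):
        remote[idx] = seal_block(master, idx, data[idx * BLOCK:(idx + 1) * BLOCK])

def read_range(master, remote, offset, length):
    """Fetch and decrypt only the blocks covering [offset, offset + length)."""
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    plain = b"".join(open_block(master, i, remote[i]) for i in range(first, last + 1))
    start = offset - first * BLOCK
    return plain[start:start + length], last - first + 1  # data, blocks fetched
```

A remote that serves an older, validly sealed copy of a block is not detected by this scheme; catching rollback needs a version counter kept on the client.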
LOL. It's like watching a mouse going through a maze. I'll play. So, the term "self-hosted" means what to you? 100% remote? "storage" is only local then for "live" data?
Not quite, the idea of doing FDE on a VPS is for protecting data at rest (when the keys are no longer in memory); I'm pretty sure you've heard of that NB incident where the feds yoinked some of their drive(s).
If you have someone sniffing memory at the host, then someone getting your encryption keys should be the least of your problems.
Self-hosted means I host on my own, even through a device in my house, in another house through something like UMB "Under My Bed" hosting. I consider that within the premises.
When I buy hosting from a provider, even if it is a dedi I fully control but it is not in my house or premises, then I think that is not self hosted, it is hosted with someone else.
In that case, the only safe way to store your private and sensitive data is to have full encryption, not only end-to-end, but also in the remote place, i.e. even with full control over the dedi, reading memory and such, through any kind of device or exploit, the data will not be decryptable without the keys present only on my device(s) or simply by brute-forcing it.
Note: hosting does not mean webhosting, that is a very narrow definition, it means hosting ANYTHING in binary form, whether in memory, on a disk or other devices. I agree you cannot have webhosting without the data being decrypted remotely, it can't work that way, steps can be taken to make it harder to intercept, but it would not resist memory reading because the keys must be available remotely for this to work and if they are available remotely there can be a mechanism through which they can be read, no matter how hard we would try to make it, it is, inherently, possible, in the end.
Hum, I regard VPSes as being always on, yes, in case someone yanks the disks without taking the time to dump the memory first, it can protect, but if your data means you have your wallets there holding 100k of crypto assets you would not want to risk it in any way (other than the bruteforcing, of course, nobody can defend against that 100%).
Nothing you said here changed my earlier comment. You're using the host from the provider ONLY as a "long wire" to a remote disk. That's the only way to have end-to-end encryption-- the server does nothing but pass encrypted data to disk. In other words, you have NO apps running at all on that remote host (other than file/disk serving) because any app would require data decryption in order to do anything useful.
You are pretty thick, aren't you...
Okay, let me explain at your level.
My point was that I can have secure storage which cannot be decrypted at the remote end AND live (at my end) at the same time by using a VPS PLUS the ability to run whatever else I would like to run. I never said ALL the storage I would use that way, there can be OTHER chunks for OTHER apps.
I was making the case that, if you use a big storage provider such as Google, while the data would be more secure in the sense it would be available somewhat more of the time and the risk of losing it is considerably smaller, at the same price you can take 3 VMs with cheap providers, have secure AND live data storage (you would need to download the whole container to use the data if you try to keep it really secure if you use gdrive, for example) AND you can have different back-ups at different times in different places AND run arbitrary apps on those VMs.
I was never saying Google Drive or other products by Google or other "premium" companies are not good, I only said there are ways to have more functionality, more space, more locations at a similar price which would somewhat mitigate the risk of unavailability and make up for the lost time to set it up in case one of the locations goes belly up. Even cociu ran for more than 5 years and setting up your system from scratch every 3 years is a good practice.
I hope this time you understood.
Because it's cheapest!
My personal opinion is that if you like to tinker and learn go with a cheaper alternative, a self-hosted option. If you need to get going quickly, not worry about infrastructure then the public option such as Google is the best way to go.
Why use inferior products for more money?
Branding. As soon as Ye releases a cloud storage solution I’m there.
because
i am lazy
No, people are looking for value for money
value for money,
on more work
right ?
Unfortunately, people do not often factor their time when determining value.
It depends.
When you like doing that, it is a hobby. I prefer to make my own wooden bench and table in the yard as well as window frames, grow my own onions, lettuce and other stuff... Am I that poor I can't afford to buy that? Are mine better? No, not at all, but I need to do some physical activity and I picked something I like.
Also, some people like more control than others. Using ready-made tools is acceptable in general, but how far would you go? Of course you won't write your own kernel but you can compile in and out some features. You won't write your own hosting stack or tunneling protocol and stack, but you might like to compile it from source and opt out (or in) of some features.
Most people here are either hobbyists or control freaks or both. For us, the time we put into this is time well spent.
If you are a company where productivity is key, of course it only makes sense in some very narrow scope cases.
Do you think I’ve got brain damage?
It'll be $300 and in 48 hours after release, a release on github revealing the secret sauce available to anyone for free.
Definitely this is a troll topic.
Less money doesn't necessarily mean getting an inferior product.
Idek why peasants RENT servers when you can just buy a datacenter tbh?
It would be flagged as spam if it was emailed. But that's just because he's afraid of capital letters and doesn't want to be taken seriously.
Nope I still don't understand. What "OTHER apps" do you use such that the data is of NO importance (since end-to-end encryption is not required)? I think the app is called "My Bullshit."
https://freenetproject.org/index.html
https://www.torproject.org
https://gatesentryfilter.abdullahirfan.com
Wireshark, PPTP server, RDP, game servers, I could literally name almost everything, should I go on?
If those things are BS for you, maybe it is time to move to a more suitable board for you.
Any kind of proxy, filtering app, encrypted storage, those would not need to decrypt anything since they only store already encrypted stuff and/or pass things around (except logs but that can be dealt with at a granular level). And what is wrong with encryption?
Besides, I never said I need end-to-end encryption for my OTHER apps, only for my back-ups and live encrypted storage.
I self host all my data on my Unraid server which is located right in my house, the data is replicated on multiple hard disks and Synology server as well periodically. I don't trust shady companies for my data. Especially NOT Google.
Wireshark.. LOL. I'll give you 1 point for VPN/proxy and game server, but zero on everything else.
https://freenetproject.org/index.html
Do you know what this is?
Also, Tor is a proxy, gatesentry is a filtering proxy, wireshark/pptp server are VPNs so you only excluded RDP for which I use x2go. And Freenet but I believe this is because you don't know what it is.