5 votes

Topic deleted by author

2 comments

  1. skybrian

    By E2E I assume you mean "end-to-end".

    End-to-end encryption means that messages are only decrypted on the end-user's device. For example, if you have a cell phone and you send a text message to someone else, it will be encrypted using the public key of a public/private key pair where the private key is only stored on their phone.

    Most systems (including pretty much all websites) are not end-to-end. There is encryption for the link from the browser to the server, and there may be encryption in the database, but the server code has the decryption key and is able to read the data. This is necessary to make most websites work. It's harder to design systems that use end-to-end encryption.

    7 votes
  2. udia

    Are you talking about End-to-end encryption?

    The idea is relevant to communication. It is when an actor 'A' sends information to another actor 'B' such that no third parties can retrieve the information. Third parties include the mechanism of sending the information itself (for example, when you email someone using Gmail, Google would be a third party).

    Data-at-rest encryption does not guarantee E2EE; it is just a security measure to mitigate damage if your hard drive is stolen. If the server admins hold the encryption keys, they can decrypt the database and read its contents.

    HTTPS/TLS also does not guarantee E2EE. TLS mitigates attackers trying to pull information from packet sniffing, but the information may still be sent unencrypted.

    5 votes
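
The contrast both comments draw, as an added example that is not part of the thread: a server that encrypts at rest with its own key can read what it stores, while a message encrypted to the recipient's public key is opaque to the same server. All names (`serverKey`, `e2eSend`, `demo`) and the sample message are hypothetical; it uses only Node's built-in `crypto` module (X25519, HKDF, AES-256-GCM).

```javascript
const crypto = require('node:crypto');

// AES-256-GCM; blob layout is iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}
// X25519 shared secret -> 32-byte message key via HKDF-SHA256.
function sharedKey(myPrivate, theirPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 32));
}

// Model 1: the message reaches the server in the clear (after TLS ends there),
// and the server encrypts it at rest with a key the server itself holds.
function storeAtRest(serverKey, message) { return seal(serverKey, message); }

// Model 2: end-to-end. The sender encrypts to the recipient's public key using
// a fresh ephemeral key pair; the server only stores and relays the envelope.
function e2eSend(recipientPublic, message) {
  const eph = crypto.generateKeyPairSync('x25519');
  const blob = seal(sharedKey(eph.privateKey, recipientPublic), message);
  return { ephemeralPublic: eph.publicKey, blob };
}
function e2eReceive(recipientPrivate, env) {
  return unseal(sharedKey(recipientPrivate, env.ephemeralPublic), env.blob);
}

// What an operator holding serverKey can recover from a stored blob.
function serverCanRead(serverKey, blob) {
  try { return unseal(serverKey, blob); } catch { return null; }
}

function demo() {
  const serverKey = crypto.randomBytes(32);
  const bob = crypto.generateKeyPairSync('x25519'); // private key stays on Bob's device
  const msg = 'meet at noon';                       // constructed sample message
  const env = e2eSend(bob.publicKey, msg);
  return { serverReadsAtRest: serverCanRead(serverKey, storeAtRest(serverKey, msg)),
           serverReadsE2E: serverCanRead(serverKey, env.blob),
           bobReadsE2E: e2eReceive(bob.privateKey, env) };
}
console.log(demo());
```
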