Because the key has no extra security, it will not provide any extra security to the data.
If the access is local to the system, the key will be as easily accessible as the rest of the data. If access is denied, encryption is not helping because data are not accessed anyway. If access is granted to the data, they will be decrypted without any question. If the access is remote, it will be served by the system. Considering that their filesystem is already protected by such access control, the net value is a plain big ZERO. That creates the first limitation: as long as the drives are part of the system, their content is not protected by anything other than access control at filesystem level.
The key is clear text in the filesystem and protected only by access control to that file.
So when doing pool encryption, how secure is the key? In fact, not much. This is the golden rule of cryptography: No crypto solution can provide a security better than the security applied to its key. Considering how often pool encryption turns into self-inflicted ransomware, I wish to offer some input about that functionality and remind people how high risk and low benefit that feature can be.
For pool encryption like for every encryption, the security is entirely provided by the key. After offering support in the forum for a little while, I am baffled at how many people have pool encryption turned ON in their pool.