
Ask HN: Is there a point to encrypting user data? - notheguyouthink
I&#x27;m making a web application which stores user data. For sake of discussion, lets say notes. These notes may be personal in nature however, so I&#x27;ve been thinking on ways to secure the users data.<p>As an aside, for security minded users I already plan on making a self-hosted option which will work in tandem with the hosted option. <i>(this is mainly because I want to self host haha)</i><p>With that said, I was debating encrypting all user data on the hosted system. There of course might need to be some non-encrypted data for indexing, but that&#x27;s a side concern. My question on this becomes:<p>Is there even a point to encrypting user data on the server?<p>If my server is breached, the at-rest data is secure - sure, but someone has access to the server, which means hypothetically they could MITM the decryption data when users write it or read it. So is this even worth while? Furthermore, users have to blindly trust that I&#x27;m not storing their key, which undermines the goal of encrypting their data.<p>I&#x27;m aware that an alternate method to do this could be to keep the decryption in javascript and encrypt&#x2F;decrypt before ever getting to the server. However the question I asked above is because I&#x27;m just trying to understand if server-encryption is even worth while. Is it a pointless venture? A waste of time?<p>Thanks.
======
ecesena
At your stage, keeping data that you'd like to encrypt separated from data
that you surely won't encrypt is probably be the fastest solution. It will be
easy to encrypt it later, when time comes.

Encryption at rest protects from personnel misbehaving. If you use a cloud
provider, it's their employees.

Similarly, encrypting data at application (backend) layer and storing
encrypted blobs in the database, protects from your dbas/employees
misbehaving, for example me taking a look at my friend's notes.

For encryption to be useful, as you pointed out, it's not enough to encrypt.
You need to store your key(s) in a secure place, and release them only to
production machines. You need to be able to rotate keys. You need access logs
for auditing. And you probably want a development environment that uses
different keys than production. In short, you need a KMS, a way to
authenticate machines, a protocol to rotate keys, logs & alerts, etc.

