Encryption at Rest

Definition

Encryption at rest protects stored data by encrypting it on disk or in databases. Even if storage media is stolen or accessed without authorization, the data remains unreadable without decryption keys. It complements encryption in transit.

Technical Explanation

Storage encryption uses symmetric algorithms (AES-256) with keys derived from passwords or hardware security modules. Full-disk encryption protects entire drives; file-level encryption targets specific data. Key management is critical—keys must be stored securely and separately.

Attack surfaces addressed: physical theft of devices, unauthorized database access, discarded hardware, backup exposure. Not addressed: attacks when data is decrypted for use, compromised key storage, or authorized user misuse.

SynX Relevance

SynX wallet files are encrypted at rest with user passwords. Your private keys never exist unencrypted on disk. Even if your device is compromised or stolen, encrypted wallet files protect your quantum-resistant keys from extraction.

Frequently Asked Questions

Is my SynX wallet encrypted?: Yes—wallet files are encrypted with your password using strong symmetric encryption.
What if I forget my password?: Use your recovery phrase to restore. There's no password recovery—encryption is real.
Should I also encrypt my whole disk?: Multiple layers help. Full-disk encryption adds protection beyond wallet-level encryption.

Keys protected even at rest. Secure with SynX