#16
Help with EFS
Thank you all for the interesting thread. By the way, David, microsoft.public.security.crypto is not in my news server, sorry.

Patrick Keenan wrote:

> Yes. And at that point, it'd be a good idea to update the exported credential disk.

While everything you all said is clear enough, this point leaves me with a doubt. I have tried exporting the private key with the option "delete after successful exportation"; after this, successive exports are not available, so I would ask what exactly you meant. In fact, it is not clear. If the OS deletes the private key after the export, my doubt can be formulated this way (I am not saying it is not my fault if I still have doubts): it can still decrypt the files (without logging out, or changing password, or removing disks and so on...), so that key should be somewhere else on the system... so what did it delete? In other words, if "all the necessary stuff for decryption (whatever this is)" remains on disk after removing that key after export, this "necessary stuff" is still there if the disk is physically stolen... or not?

> The same will happen if you boot with a Linux password-reset tool and change it that way.

In fact, I am now a bit more secure about the disks removed without consent. I do know utilities for resetting passwords with a physical disk with installed Windows, but I do not know if there are similar programs for virtual Windows installations over some *nix machine, as many economic ISPs do for hosting.

> I'd like to say it's great to hear that you are trying this out for yourself on an expendable system rather than on real data.

(that site is the core of the company, that was obvious for good common sense first...)

> As to floppies - yes, XP wants to export to floppies, get a $20 external USB floppy drive. It's a handy tool to have around.

That was humorous, I meant every site I visited (before this newsgroup) said: store the key on a floppy, instead of "in a safe place" (a USB key for example).

> You need to continue to test so you understand what's happening, and examine privacy legislation in your area to see what is legally required and what other companies do to comply with it. You also need to deal with the physical access issue, as well as secure and current backups. Be sure you can restore them to another system.

Actually it is easy that the legal requirements are different from technical ones, so when I am sure of a work I leave details to the company lawyer. I mean, if I can be sincere, I do not care so much about the LEGAL stuff, in front of the ILLEGAL stuff, like corrupt ISP employees lending disk images to another company, laptops with sensitive data forgotten in a taxi, or sold and found on eBay... So I think it is a lucky thing my new company chose an economic ISP without automated backup service, otherwise even if I encrypt now, maybe old unencrypted backup copies still exist somewhere in the ISP building! (better than nothing, for a thief)

As for recovery, I never meant to rely on EFS for it. I back up data unencrypted and I encrypt them with a third-party utility, which I trust more, not for the raw level of encryption, but for these many dark details we are discussing here. EFS is just the first tool I wanted to try for protection "on the fly"; if the original disk is stolen or destroyed, it is not a big issue using a 2 day old backup, compared with the disclosure of the database content.

Again, thx to all.
#17
Help with EFS
snipped
h128 wrote:

snipped

> By the way, David, microsoft.public.security.crypto is not in my news server, sorry.

For Microsoft related newsgroups - you should likely point your newsreader to news.microsoft.com or msnews.microsoft.com (as the server.) It's your best choice for reading Microsoft Newsgroups.

http://www.microsoft.com/communities.../nntpnews.mspx

Good Luck!

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html