Educause Security Discussion mailing list archives

Re: Windows Encryption Utilities


From: Steve Lovaas <steven.lovaas () COLOSTATE EDU>
Date: Thu, 25 May 2006 12:45:43 -0600

We've been using TrueCrypt on a small scale for about 6 months. So far,
no complaints and no troubles.

As for what happens when a user loses a key, it's not truly key
recovery. But the admin can set an initial key, and take a snapshot at
that point. A hash will be written (and can be stored by the admin), and
then the device can be given to the user, who can be required to set a
new key/passphrase.

When (not if) the user loses the key, the admin can write the old config
snapshot to the device and the passphrase will be the same as it was
initially (launder rinse repeat with a new user passphrase). The admin
doesn't store the actual passphrases anywhere (except on a sticky
note)... just the hashed result.

I've used "passphrase" and "key" interchangeably here, since the program
can support both. I don't know for sure how it treats key files
regarding admin changes, but the passphrase hash backup gave our users
enough peace of mind to trust that they'd be able to get their stuff if
they forgot...

Steve Lovaas

Chris Green wrote:
What are you all doing for recovery/escrow?  That's what moves us towards
needing to look at costlier products.   Having someone forget the password
for something they worked on for 10 years is terrible. Having someone do it
intentionally using the recommended tool is probably worse.

I'd love if anyone has recommendations in that area.

On 5/25/06 12:35 PM, "Mark Rogowski" <m.rogowski () UWINNIPEG CA> wrote:

You're right Harold, it only works at the file level.  Still, not a bad
tool.  I was also impressed when it compressed and encrypted ISO images
of 700MB.

m


--
==============================================================
Steven Lovaas, MSIA, CISSP
Network & Security Resource Manager
Academic Computing & Network Services
Colorado State University
970-297-3707
Steven.Lovaas () ColoState EDU
==============================================================
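
A simplified model of the snapshot-and-restore recovery described in this message, added here as an example; it is not part of the original post and is not TrueCrypt's code. It assumes the snapshot is a volume header that wraps a fixed master key under a passphrase-derived key; the XOR wrap, the iteration count, the passphrases and all function names are constructed for illustration and are not TrueCrypt's on-disk format.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 2000  # constructed demo value, kept low so the example runs quickly

def _derive(passphrase: str, salt: bytes):
    """Derive a 32-byte wrapping key and a 32-byte MAC key from the passphrase."""
    okm = hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def make_header(passphrase: str, master_key: bytes) -> bytes:
    """Model header layout: salt (16) | wrapped master key (32) | HMAC tag (32)."""
    salt = os.urandom(16)
    wrap_key, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, wrap_key))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def open_header(passphrase: str, header: bytes) -> Optional[bytes]:
    """Return the master key, or None if the passphrase does not match the header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    wrap_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, wrap_key))

def change_passphrase(old: str, new: str, header: bytes) -> bytes:
    """Re-wrap the same master key under a new passphrase; the data key never changes."""
    master_key = open_header(old, header)
    if master_key is None:
        raise ValueError("wrong passphrase")
    return make_header(new, master_key)

def demo() -> dict:
    """Walk through: admin snapshot, user passphrase change, loss, restore."""
    master_key = os.urandom(32)                           # encrypts the actual data
    snapshot = make_header("admin-initial", master_key)   # admin's saved header
    on_device = change_passphrase("admin-initial", "user-secret", snapshot)
    restored = snapshot                                   # admin writes snapshot back
    return {
        "user_opens_device": open_header("user-secret", on_device) == master_key,
        "admin_pass_fails_on_device": open_header("admin-initial", on_device) is None,
        "restore_recovers_data_key": open_header("admin-initial", restored) == master_key,
        "user_pass_fails_after_restore": open_header("user-secret", restored) is None,
    }
```

In this model the saved snapshot together with the initial passphrase opens the volume no matter how often the user changes their own passphrase, so the pair needs the same protection as any escrowed key.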
