Educause Security Discussion mailing list archives
Re: Windows Encryption Utilities
From: Steve Lovaas <steven.lovaas () COLOSTATE EDU>
Date: Thu, 25 May 2006 12:45:43 -0600
We've been using TrueCrypt on a small scale for about 6 months. So far, no complaints and no troubles. As for what happens when a user loses a key, it's not truly key recovery. But the admin can set an initial key, and take a snapshot at that point. A hash will be written (and can be stored by the admin), and then the device can be given to the user, who can be required to set a new key/passphrase. When(not if) the user loses they key, the admin can write the old config snapshot to the device and the passphrase will be the same as it was initially (launder rinse repeat with a new user passphrase). The admin doesn't store the actual passphrases anywhere (except on a sticky note)... just the hashed result. I've used "passphrase" and "key" interchangeably here, since the program can support both. I don't know for sure how it treats key files regarding admin changes, but the passphrase hash backup gave our users enough peace of mind to trust that they'd be able to get their stuff if they forgot... Steve Lovaas Chris Green wrote:
What are you all doing for recovery/escrow? That's what moves us towards needing to look at costlier products. Having someone forget the password for something they worked on for 10 years is terrible. Having someone do it intentionally using the recommended tool is probably worse. I'd love if anyone has recommendations in that area. On 5/25/06 12:35 PM, "Mark Rogowski" <m.rogowski () UWINNIPEG CA> wrote:You're right Harold, it only works at the file level. Still, not a bad tool. I was also impressed when it compressed and encrypted ISO images of 700MB. m
-- ============================================================== Steven Lovaas, MSIA, CISSP Network & Security Resource Manager Academic Computing & Network Services Colorado State University 970-297-3707 Steven.Lovaas () ColoState EDU ==============================================================
Current thread:
- Re: Windows Encryption Utilities, (continued)
- Re: Windows Encryption Utilities Jere Retzer (May 25)
- Re: Windows Encryption Utilities Mark Rogowski (May 25)
- Re: Windows Encryption Utilities Harold Winshel (May 25)
- Re: Windows Encryption Utilities Harold Winshel (May 25)
- Re: Windows Encryption Utilities Harold Winshel (May 25)
- Re: Windows Encryption Utilities Mark Rogowski (May 25)
- Re: Windows Encryption Utilities Harold Winshel (May 25)
- Re: Windows Encryption Utilities T. Charles Yun (May 25)
- Re: Windows Encryption Utilities Jere Retzer (May 25)
- Re: Windows Encryption Utilities Chris Green (May 25)
- Re: Windows Encryption Utilities Steve Lovaas (May 25)
- Re: Windows Encryption Utilities Harold Winshel (May 25)
- Re: Windows Encryption Utilities Gary Dobbins (May 26)
- Windows Encryption Utilities Jay Hoff (May 30)
- Re: Windows Encryption Utilities Wes Young (May 30)
- Re: Windows Encryption Utilities Jeremy Hansen at 065 (May 30)
- Re: Windows Encryption Utilities Willey Kurt D (Jun 06)