funsec mailing list archives
Re: Stolen laptops and the Windows encrypted file system?
From: coderman <coderman () gmail com>
Date: Thu, 30 Mar 2006 04:13:42 -0800
On 3/29/06, Henderson, Dennis K. <Dennis.Henderson () umb com> wrote:
Another solution would be to allow people to store their EFS encryption keys on a separate device such as a USB flash drive. I also believe that an encrypted folder on a portable hard drive would be safe if it is carried separatly from a laptop which holds the EFS encryption keys. ... The nice thing about PreBootAuth and full disk encryption is that you dont have to worry about having another device to lose along with the laptop. Its an option with most full disk encryption products, but I wouldnt deploy that given how convenient it would be to simply toss the smartcard or fob into the laptop case.
what would it take to get johnny teenager / sally CEO to encrypt? can this be made simpler / more compelling? 0. insert new second disk of equal or greater size 1. boot from trusted cd/dvd ISO image 2. insert USB memory stick (or two if you want a backup) 3. enter new password / passphrase (see good password howto) 4. agree/confirm to copy over empty / target disk 5. wait as new disk is encrypted via loop-aes, keys are stored on password protected USB image, all existing OS data* on source disk is copied to encrypted volume on new disk. 6. reboot into new encrypted volume and copy back over original source hard disk with loop-aes and store keys for this disk on USB image. 7. Johnny gets a data backup with his privacy. * ubuntu, knoppix, slackware, linspire and centos supported. a windoze or other partition (vfat, ntfs, etc) can be copied and mounted under a new installation of the previously mentioned linux OS'es on the new encrypted disk. (if one of these linux flavors is not already installed) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 28)
- <Possible follow-ups>
- RE: Stolen laptops and the Windows encrypted file system? Young, Keith (Mar 28)
- RE: Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 28)
- Re: Stolen laptops and the Windows encrypted file system? Valdis . Kletnieks (Mar 28)
- Re: Stolen laptops and the Windows encrypted file system? Ahmad Elkhatib (Mar 29)
- RE: Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 29)
- Re: Stolen laptops and the Windows encrypted file system? Ron (Mar 29)
- RE: Stolen laptops and the Windows encrypted file system? Henderson, Dennis K. (Mar 29)
- Re: Stolen laptops and the Windows encrypted file system? coderman (Mar 30)
- RE: Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 28)