[133485] in North American Network Operators' Group
Re: Windows Encryption Software
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Dec 10 08:21:24 2010
From: Florian Weimer <fw@deneb.enyo.de>
To: Brandon Kim <brandon.kim@brandontek.com>
Date: Fri, 10 Dec 2010 14:21:19 +0100
In-Reply-To: <BLU158-w17E4A4295BF7A14F078D67DC2F0@phx.gbl> (Brandon Kim's
message of "Thu, 9 Dec 2010 19:24:03 -0500")
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Brandon Kim:
> I know windows has bitlocker, but I don't know if that is available
> for Win2003?
I believe EFS is available in Windows XP and Windows 2003 Server, too.
Software-based solutions have the advantage that they are somewhat
more testable and reviewable. If it's all in the disk, you can't
really be sure that the data is encrypted with a static key, and the
passphrase is used for access control only. The latter approach seems
to be somewhat common with encrypting storage devices, unfortunately.
