[133486] in North American Network Operators' Group
Re: Windows Encryption Software
daemon@ATHENA.MIT.EDU (Curtis Maurand)
Fri Dec 10 08:29:42 2010
Date: Fri, 10 Dec 2010 08:29:20 -0500
From: Curtis Maurand <cmaurand@xyonet.com>
To: nanog@nanog.org
In-Reply-To: <87zksdbw6o.fsf@mid.deneb.enyo.de>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/10/2010 8:21 AM, Florian Weimer wrote:
> I believe EFS is available in Windows XP and Windows 2003 Server, too.
>
> Software-based solutions have the advantage that they are somewhat
> more testable and reviewable. If it's all in the disk, you can't
> really be sure that the data is encrypted with a static key, and the
> passphrase is used for access control only. The latter approach seems
> to be somewhat common with encrypting storage devices, unfortunately.
>
After some research, I find that recovery of EFS (available for Win
2000/2003/XP/Vista/7) encrypted files in the case of disaster can be
problematic. It has to do with keys, file ownerships, etc., etc., etc.
Plan for disaster and know how to recover before you encrypt with EFS.
--Curtis
