[133488] in North American Network Operators' Group
Re: Windows Encryption Software
daemon@ATHENA.MIT.EDU (Michael Holstein)
Fri Dec 10 09:33:35 2010
Date: Fri, 10 Dec 2010 09:33:24 -0500
From: Michael Holstein <michael.holstein@csuohio.edu>
To: Curtis Maurand <cmaurand@xyonet.com>
In-Reply-To: <4D022B30.5020709@xyonet.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> After some research, I find that recovery of EFS (available for Win
> 2000/2003/XP/Vista/7) encrypted files in the case of disaster can be
> problematic. It has to do with keys, file ownerships, etc., etc.,
> etc. Plan for disaster and know how to recover before you encrypt
> with EFS.
This is an interesting point .. it depends on what the "disaster" is
that you plan for.
In many cases, the "disaster" is the seizure or loss of the device, it
which case it's appropriate NOT to have any method of key recovery. In a
corporate context, it's debatable if key escrow and multikey methods
mitigate the risk or compound it.
Regards,
Michael Holstein
Cleveland State University
