2006-03-21
File and disk encryption needs to be simple and easy if it's going to be used. This article looks at Apple's FileVault and takes a sneak peek at what's coming in Windows Vista.
Encryption for the masses
Encrypting a drive offers no security when someone has physical access to the machine. Why? Because the encryption key itself cannot be encrypted, it has to be on the disk somewhere in clear text.
In a corporate environment, Microsoft has solved this issue by allowing you to export the local encryption key to a 2003 Certificate Server.
On a standalone machine, Windows or OS X, it is trivial to gain admin access if you have physical access to the machine. Once you have admin access, you can access the encryption key and decrypt whatever you want.
Vista and any other operating system that encrypts an entire volume using a unique key that is embedded on a chip soldered to a motherboard is missing a very important point: what happens when the board fries?
Back to the corporate world again, I'll have a clear text backup of the data (which will be encrypted by the backup process). But for the masses of home users, alas, you'll be out of luck.
Encryption is being sold to the masses as something it isn't. It cannot solve the problem of you needing to secure your laptop, and if you are unwilling to secure your laptop, you should not put sensitive information on it.
Link to this comment: http://www.securityfocus.com/comments/columns/393/33360#33360