Re: anyone used disk encryption & fingerprint id software?

"jim sturtz" <jim@xxxxxxxxxxx> wrote in message
news:%23DSCcC6XFHA.1404@xxxxxxxxxxxxxxxxxxxxxxx
> hi all,
>
> thanks for the replies. surprised the essence is to distrust the software
> so much, altho we have all been bitten by software that doesnt work or
> work
> right, i figured this would be something that the vendors did better being
> that it is so critical.
>

The problem is that it works exactly as it is supposed to. If you somehow
loose the key to unencrypt the data it is lost forever. With EFS on a
standalone computer something as simple as changing your password by the
wrong method can cause the loss of the key. The most common scenario is when
some one reinstalls Windows without backing up the key. All the encrypted
data is lost. There are ways to back up the key, but restoring it is a
fairly complicated process that can go wrong. If you use EFS you must
understand and test the procedures to restore a lost key before relying on
it. I have found the best procedure is to use it only for very sensitive
data. Implement and test a key recovery procedure. Keep an unencrypted copy
of the data on a removable media. If the data is really sensitive then you
must implement a procedure to destroy old copies of the removable media and
make sure the current copy is stored in a secure place. As you can see the
procedures involved with EFS are cumbersome. You must have a backup copy of
the key stored in a safe place at all times. Most people that try it either
get lazy and loose data or finally get tired of the cumbersome procedures
and decide the data wasn't really that sensitive to start with.

Kerry


> im not doing anything super-secret just trying to avoid someone
> downloading
> my bank info, or other private stuff. i have a firewall up but there
> still
> is lots of stuff leaving my computer during the do going out to sites that
> i
> have connections to or software from them 'touching base'. i am online
> 24X7
> and am not sure how easy/hard it is to get to my computer but have a
> suspicion that a determined hacker could get in via a trojan or something
> and i would never know it.
>
> i presumed that encrypting the drive would avoid having the data
> 'readable'
> should they manage to get to it.
>
> the fingerprint thing is a lazy man's way of trying to get a strong
> username
> password combo without having to continually figure out and record (and
> change often i guess if done right) them.
>
> thanks again.
>
> jim
>
>
> "NobodyMan" <none@xxxxxxxx> wrote in message
> news:54d291de6jmigd7dm22bemjitelnlbgirq@xxxxxxxxxx
>> On Sun, 22 May 2005 14:12:35 -0400, "jim sturtz" <jim@xxxxxxxxxxx>
>> wrote:
>>
>> >i am thinking i would like to encrypt my harddrives to prevent anyone
>> >who
>> >might manage to get on it from reading things.
>> >
>> >how severe of a performance hit does the system take having this
>> >encrypt/decrypt happen on the fly?
>> >
>> >also using a fingerprint scanner to generate my username/passwords so
> that
>> >any offsite access is more confidential.
>> >
>> >how easy are these systems to use. for example my bank requires me to
> put
>> >in a username and password, does the scanner somehow create both of
> these?
>> >
>> >how do they manage this in that often websites have a variety of schemes
> for
>> >how long the username or password is supposed to be.
>> >
>> >thanks for any info.
>> >
>> >jim
>> >
>>
>> Unless you are protecting State level secrets I'd stay away from using
>> encryption on your home data. It's just an accident waiting to
>> happen.
>>
>
>


.