On Fri, Oct 08, 2010 at 04:27:57PM -0400, Perry E. Metzger wrote:

> I have a client with the following problem. They would like to
> encrypt all of their Windows workstation drives, but if they do that,
> the machines require manual intervention to enter a key on every
> reboot. Why is this a problem? Because installations and upgrades of
> many kinds of Windows software require multiple reboots, and they
> don't want to have to manually intervene on every machine in their
> buildings in order to push out software and patches.
> (The general threat model in question is reasonably sane -- they
> would like drives to be "harmless" when machines are disposed of or if
> they're stolen by ordinary thieves, but on the network and available
> for administration the rest of the time.)
> Does anyone have a reasonable solution for this?

Commercial products have a mode in which you can drop the requirement
for a key for one reboot. Presumably the key is then erased. This may
be a reasonable compromise. The devil is in the details.


The Cryptography Mailing List