Nick,

Good questions and I'll try to clarify. My biggest concern is that the
user's laptop will be stolen or lost. I would like the index to be encrypted
in a way that only somebody who knows a certain password can access the
index. NTFS encryption may work as long as whoever gets hold of the machine
can't log in. But I would prefer if I could set things up so that the user has
to enter a password when the index gets created and has to enter the
password whenever he starts my app.
I have looked into TrueCrypt to create an encrypted virtual disk but I am a
little bit worried about the installation and configuration.

Hans

----------------------------------------------------------------------------

Hans,

        While I've seen other responses here, you haven't indicated exactly
^what^ constitutes "unauthorized access".  Does that mean someone who can
authenticate against the domain to be a certain user, or some other
criteria?

        You need to define the threats, the surface area for attacks, etc,
etc.

        It would seem like you want to use an additional shared-secret in
order to access the data, which would mean that you have to query for this
shared secret in your application, no matter what encryption technology is
used.  If you are using passwords, then you need to enforce password
strength; things such as minimum lengths, use of non-alpha-numeric
characters, checks against frequency of characters in the password and
dictionary checks should be standard.

        Or, you could use a smart card with a client certificate as the
shared secret, or any combination of things (biometrics, etc, etc).

        The point is, until you define what you have, and what the
requirements are ("protect the index from unauthorized index" is just way too
vague), you're just stabbing in the dark.

                - Nick
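
The password flow discussed in this thread, as an added example that is not code from either poster: it applies the checks Nick lists (minimum length, non-alphanumeric characters, character frequency, dictionary) when the index is created, derives a key with PBKDF2, and re-derives it when the application starts. The thresholds, the wordlist, the function names and the stored record layout are assumptions; encrypting the index with the returned key is outside the block.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real deployment would load a large dictionary.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}
MIN_LENGTH = 12          # assumed threshold, not from the thread
MAX_CHAR_SHARE = 0.4     # assumed: no single character above 40% of the password
PBKDF2_ROUNDS = 600_000  # assumed work factor


def password_problems(password):
    """Return the list of policy failures (an empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if all(ch.isalnum() for ch in password):
        problems.append("no non-alphanumeric character")
    top = max((password.count(ch) for ch in set(password)), default=0)
    if password and top / len(password) > MAX_CHAR_SHARE:
        problems.append("one character repeated too often")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    return problems


def _derive(password, salt):
    # One slow PBKDF2 pass, then two independent values: the key and a verifier.
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    key = hmac.new(master, b"index-key", hashlib.sha256).digest()
    verifier = hmac.new(master, b"verifier", hashlib.sha256).digest()
    return key, verifier


def create_index_secret(password):
    """At index creation: return (key, record to store beside the index)."""
    problems = password_problems(password)
    if problems:
        raise ValueError("weak password: " + ", ".join(problems))
    salt = os.urandom(16)
    key, verifier = _derive(password, salt)
    return key, {"salt": salt, "verifier": verifier}


def unlock_index(password, record):
    """At application start: return the key, or None on a wrong password."""
    key, verifier = _derive(password, record["salt"])
    return key if hmac.compare_digest(verifier, record["verifier"]) else None
```

Only the salt and verifier are written to disk; the key exists in memory after a correct password is entered, so a stolen laptop yields nothing usable without guessing the password against the slow derivation.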


