On Fri, Aug 17, 2007 at 05:21:16PM -0700, Alex Alten wrote:
> Agreed, for most requirements. Sometimes one may need to keep keys
> in trusted hardware only. The only real fly-in-the-ointment is that current
> hash algorithms (SHA-1, SHA-2, etc.) don't scale across multiple CPU
> cores (assuming
On Aug 19, 2007, at 12:13 PM, Ali, Saqib wrote:
On if MS provided some way to manage them centrally. Using an encrypted
DB to manually store the keys in it is simply not feasible.
Your argument just went from "TPMs are bad for volume encryption with
BitLocker because they can't be centrally
> I still don't follow. BitLocker explicitly includes a (optionally
> file-based) recovery password. If you want central management, why
> not centrally manage _that_?
On if MS provided some way to manage them centrally. Using an encrypted
DB to manually store the keys in it is simply not feasible
On Aug 18, 2007, at 3:30 PM, Ali, Saqib wrote:
One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let us say the motherboard or the TPM
goes bad on your notebook or you simply want to upgrade the computer.
You need to be able to restore+transfer t
On 8/17/07, Ivan Krstic <[EMAIL PROTECTED]> wrote:
> How so? If your computer goes bad, you need a *backup*. That's
> entirely orthogonal to the drive encryption problem.
One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let us say the motherboard
At 04:02 AM 8/17/2007 -0700, Ivan Krstić wrote:
On Aug 16, 2007, at 8:30 AM, Ali, Saqib wrote:
The other problem is that it lacks any centralized management. If you
are letting TPM manage your BitLocker keys you still need a TPM
management suite with key backup/restore/transfer/
On Aug 16, 2007, at 8:30 AM, Ali, Saqib wrote:
The other problem is that it lacks any centralized management. If you
are letting TPM manage your BitLocker keys you still need a TPM
management suite with key backup/restore/transfer/migrate capabilities
in case your computer goes bad.
How so? If
On 8/15/07, Ed Gerck <[EMAIL PROTECTED]> wrote:
> The first is simply a MSFT Vista requirement for BitLocker file
> encryption.
I think one of the problems with BitLocker is that it is only
available in Vista Business Edition purchased under MS Software
Assurance (SA). Not many shops have the MS
The first is simply a MSFT Vista requirement for BitLocker file
encryption. The second is for example present in ACER laptops
(Aspire 5920) as eLock -- it allows you to protect and then
unlock storage devices that can be mounted as a file system when
plugged into the trusted system (the laptop), or
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steven M. Bellovin
Sent: Wednesday, August 15, 2007 9:25 AM
To: cryptography@metzdowd.com
Subject: New DoD encryption mandate
According to http://www.fcw.com/article103467-08-13-07-Print the US
Defense Department has mandated
According to http://www.fcw.com/article103467-08-13-07-Print the US
Defense Department has mandated that all sensitive but unclassified
information on mobile devices must be encrypted in compliance with FIPS
140-2. "Mobile devices" include laptops, PDAs, CDs, flash drives, etc.
--