On Fri, Aug 17, 2007 at 05:21:16PM -0700, Alex Alten wrote:
Agreed, for most requirements. Sometimes one may need to keep keys
in trusted hardware only. The only real fly-in-the-ointment is that current
hash algorithms (SHA-1, SHA-2, etc.) don't scale across multiple CPU
cores (assuming you
On 8/17/07, Ivan Krstic [EMAIL PROTECTED] wrote:
How so? If your computer goes bad, you need a *backup*. That's
entirely orthogonal to the drive encryption problem.
One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let's say the motherboard or
On Aug 18, 2007, at 3:30 PM, Ali, Saqib wrote:
One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let's say the motherboard or the TPM
goes bad on your notebook or you simply want to upgrade the computer.
You need to be able to restore+transfer
I still don't follow. BitLocker explicitly includes an (optionally
file-based) recovery password. If you want central management, why
not centrally manage _that_?
On if MS provided some way to manage them centrally. Using an encrypted
DB to manually store the keys in it, is simply not feasible.
On Aug 19, 2007, at 12:13 PM, Ali, Saqib wrote:
On if MS provided some way to manage them centrally. Using an encrypted
DB to manually store the keys in it, is simply not feasible.
Your argument just went from TPMs are bad for volume encryption with
BitLocker because they can't be centrally
On Aug 16, 2007, at 8:30 AM, Ali, Saqib wrote:
The other problem is that it lacks any centralized management. If you
are letting TPM manage your BitLocker keys you still need a TPM
management suite with key backup/restore/transfer/migrate capabilities
in case your computer goes bad.
How so? If
At 04:02 AM 8/17/2007 -0700, Ivan Krstić wrote:
On Aug 16, 2007, at 8:30 AM, Ali, Saqib wrote:
The other problem is that it lacks any centralized management. If you
are letting TPM manage your BitLocker keys you still need a TPM
management suite with key