Disk encryption advice...

Victor Duchovni Victor.Duchovni at morganstanley.com
Fri Oct 8 18:20:23 EDT 2010


On Fri, Oct 08, 2010 at 04:27:57PM -0400, Perry E. Metzger wrote:

> I have a client with the following problem. They would like to
> encrypt all of their Windows workstation drives, but if they do that,
> the machines require manual intervention to enter a key on every
> reboot. Why is this a problem? Because installations and upgrades of
> many kinds of Windows software require multiple reboots, and they
> don't want to have to manually intervene on every machine in their
> buildings in order to push out software and patches.
> 
> (The general threat model in question is reasonably sane -- they
> would like drives to be "harmless" when machines are disposed of or if
> they're stolen by ordinary thieves, but on the network and available
> for administration the rest of the time.)
> 
> Does anyone have a reasonable solution for this?

Commercial products have a mode in which you can drop the requirement
for a key for one reboot. Presumably the key is then erased. This may
be a reasonable compromise. The devil is in the details.

-- 
	Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List