Slashdot Mirror
Whole Disk Encryption For Vista?
Q7U writes "After reading about several laptop thefts and losses, my boss wants me to set up whole disk encryption for her Vista travel laptop. After doing some research, it seems she has three options: Bitlocker (part of Vista Ultimate), PGP Whole Disk Encryption, and TrueCrypt. My main problem now is choosing one. I can't find any comparitive reviews of these products to determine which will be the best choice, so I was hoping the Slashdot crowd could suggest which product they would go with and tell us what they liked about their choice."
Hardware based encryption - have IT put in an FDE Drive. While software based encryption options are good, and most certainly better than nothing, the only really secure way to go is Hardware based.
Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
Does she even fly at all?
Customs, at least, has been known to demand the keys to a laptop, and having it obviously encrypted could delay travel significantly.
Also, there are significant problems with at least some FDE products, currently -- the "cold boot" cracks, in particular. Does she shut her laptop down every time, or only leave it on standby? Does the software actually purge the key from RAM on shutdown?
Other than that, well, do your own damned homework.
I'd suggest BitLocker, mostly because it's built-in -- kind of like, "What would you suggest for unzipping files in Windows XP?" Well, probably the "Compressed Folder" feature, right?
Under other circumstances, I'd recommend Truecrypt or dm_crypt, because you really should be using open source software for anything sensitive -- but you specifically asked for Vista, so that's fairly moot.
But I haven't done my homework.
Don't thank God, thank a doctor!
Actually the password generator I wrote makes 'speakable' password. These tend to be much easier to remember. so instead of 7yg$rt0 you get something like qB3r7! (ie qbert! short for the sake of the conversation).
We do allow them to set their own password if the really throw a fit, but it has to conform to our password policy (min 8 characters mixed). We figure that is enough security for us.
We did a testing rollout with our IT department first and then picked our worst users for a second test. Once we were sure they had no issues, we rolled out to everyone. If truecrypt supported usb key + password authentication for full disk encryption we would probably implement that on our 'high risk' systems.
Most of our systems are not high risk, they contain no 'dangerous' information such as student information. We decided to encrypt everything simply to get all of our users used to the idea of full disk and usb stick (all usb sticks are also to use truecrypt) encryption. We want to engrain this into the culture so that when someone does have a job where sensitive data might be transported on a notebook (say our CFO) they are already used to the idea.
There really are folks stuck on connections that slow or even slower.
Conventional GSM dialup for example is only 9.6kbps. Sure there is HSCSD and GRPS but I don't think they are universally supported.
and I don't think I've ever seen a 56K dialup connection. In my experiance called 56K modems connect at fourty something at best and on crappy lines much much slower.
And of course there are people stuck with no connection (or no affordable connection) at all.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Thats very depressing my friend, very depressing. How could it possibly make more sense to work around the limitations of 14.4k than to use a sat link?
Thanks for the info. I'm more than old enough, but I was primarily a Mac user at the time when that virus came out, it turns out. Interestingly, the link you gave describes it as KOH, not KoH, and even calls it "the potassium hydroxide program"!
...the future crusty old bastards are already drinking the Kool-Aid.