The good:
It scans both the front and back of a page in 2 seconds, in one pass. If the back is blank, the back is ignored.
It automatically feeds oddly sized pages intermixed with standard pages.
The software supplied accurately OCRs the scanned pages and makes a searchable PDF file.
It is possible to select words and sentences in the PDF file and copy them to the clipboard.
It is very small. It doesn't take much desk space.
The bad:
It does not use TWAIN drivers. It uses proprietary drivers.
It does not have a flat glass copying surface. Everything to be copied must be a thin sheet.
The sheet feeder takes a maximum of maybe 50 pages.
The supplied software is copy protected. If the software company decides to stop supporting the supplied version, it is possible to force additional payment. Or maybe force the purchase of new hardware. That is our understanding.
"I'm pretty sure..."
That is mistaken. In Windows XP, workstations not connected with a domain have an additional key that is not backed up. I don't know if that was fixed in later versions of Windows. Read the links I gave below.
"I do not remember precisely, but I think that password (user's, not generated) in particular is also used as part of the decryption key."
Yes, that's right. Parts of the encryption key were the keys made by the user, the user's Windows password, and another key associated with the user's particular installation of Windows.
If the computer was associated with a domain, then the key was recoverable if there was a hard drive failure, because the entire encryption key, containing all three parts, was stored on the server.
If the computer was not associated with a domain, and there was a hard drive failure, the data was lost. There was discussion on Microsoft support forums about the cruelty of the situation. None of the Microsoft documentation indicated the limitations, and users often lost their hard work.
Eventually companies like Elcomsoft began selling software that would break the encryption.
Possibly EFS was fixed in Windows 7. Before that, part of the encryption key was the Windows user password and a key generated specifically for that installation of Windows.
For a discussion of the issues, read page 5 of this PDF file from Elcomsoft, which I just found: Advantages and disadvantages of EFS.
Elcomsoft is a famous Russian company. Quote from Wikipedia: "On July 16, 2001, Dmitry Sklyarov, a Russian citizen employed by ElcomSoft who was at the time visiting the United States for DEF CON, was arrested and jailed for allegedly violating the United States DMCA law by writing ElcomSoft's Advanced eBook Processor software. A landmark court case ensued, setting precedents and attracting much public attention and protest. On December 17, 2002, ElcomSoft was found not guilty of all four charges under the DMCA."
The problems with EFS were acknowledged by Microsoft employees. People have discussed losing data on Microsoft professional discussion boards. Elcomsoft sells software designed to recover data lost because of the poor design of EFS.
Yes, I believe TrueCrypt is the best encryption software. TrueCrypt meets all the requirements, including avoiding vendor lock-in.
See this comment from 2005: EFS & stand-alone computers? Can you make it work?
TrueCrypt is reliable, reputable, fast, free, open source, and works on Windows, Mac OS X, and Linux. The TrueCrypt documentation is very good, but not perfect. TrueCrypt can make an encrypted drive letter or encrypt an entire partition, even the boot partition.
Only open source encryption should be accepted, since the U.S. government has decided it can force executives of corporations to work in secret to help gather data from or about users. If software is not open source, there may be hidden methods of decryption.
That's a mistake. The built-in Windows Encrypting File System (EFS) is safe only if you are connected with a domain. Anyone using a workstation not connected with a domain will lose ALL encrypted data if Windows is re-installed on the workstation. Having a backup of the keys is not enough.
EFS is just one example of deep flaws in software from Microsoft that don't get much publicity, in my opinion.
I understand better now.
I think this is an important point: You can make a TrueCrypt-encrypted file that is almost as large as the USB drive capacity. There seems to be no performance loss when doing that.
Then you can put a copy of TrueCrypt, unencrypted on the USB drive, also, and any other files you may not want to encrypt.
I use a 4 GB TrueCrypt-encrypted file that is a little smaller than the space on a blank DVD. That facilitates easy backups. The encrypted file on the DVD can be mounted and read also; that works very well.
That's interesting. My understanding is that applies to encrypted partitions, and only an encrypted partition not on a main hard drive.
I've found that TrueCrypt is excellent and fast at handling file-based encryption, so rather than encrypting an entire partition on a secondary hard drive, it is possible to use a file that fills that partition.
"BTW, I learned the hard way that Truecrypt is incompatible with any on-the-fly disk imagers." [Edited to be more readable.]
I don't understand that. I've never seen any incompatibility. Could you explain how Truecrypt is incompatible, and with what disk imagers?
Very funny. I like it that his voice gives no indication that what he says is completely fiction.
"... startup time and responsiveness."
Agreed. Adobe has been taking Creative Suite backwards in some ways. Why? Incompetence? Does Adobe want to create problems users will pay to fix later?
"... competition going on in Adobe to see if the Flash or Acrobat teams can collect the most security advisories?"
There seems to be a social breakdown at Adobe. There are a lot of issues that aren't being managed well. For example, we bought Adobe Creative Suite 3 (before CS4 was released). The CD had an old version. To get the newest version it was necessary to download a 320 Megabyte file, on the same week that Adobe shipped the CD.
The new Acrobat takes longer to make .PDF files than the older versions. When we talked to people at Adobe about that, we got evasive replies.
That link only works in Internet Explorer.
That document is 2409 pages of italics!!
Submit that as a Master's thesis and get expelled from the university.
That was NOT passed. It will be considered.
All the confusion demonstrates the fact that there is little concern for real openness.
Where is your link to the "updated version"?
I want to download the bill from a government web site, not CBS News.
Here's a link if you would like to read the health care bill (PDF). It is 1,990 pages.
The 1,990-page health care bill (PDF) is ugly. It's full of insufficiently rigorous thinking and poor quality communication.
Most of the manner in which the new legislation will operate is not specified in the bill. For example, on page 77 it says, "The Secretary shall adopt and regularly update standards consistent with the goals described in paragraph (2)."
The U.S. Congress uses an outdated font. It is not possible to generate a readable copy because each line is preceded by a number. There are numerous quirks, like sometimes capitalizing the word "website".
Here is a guess: Possibly there is no one in the media who writes about the bill who has actually read and understood the bill.
Still, in my opinion the bill is better than nothing. As many have mentioned, the present U.S. health care system would otherwise be one of the biggest causes of U.S. government bankruptcy.
"Your premise is moronic."
You didn't think carefully. Microsoft was forced to make an XP compatibility mode. Otherwise that would require corporate users to re-write some of their software before migrating to Windows XP.
But, possibly the intent of not making the XP compatibility mode work with most older computers was to try to force a hardware upgrade. Remember, we are not Microsoft's customers. Computer makers are Microsoft's customers. Computer makers want to force as many people as possible to buy new computers. Microsoft wants to force as many people as possible to buy new computers so that they will buy another copy of Windows.
Thanks very much. I will investigate.
Thanks very much. That has likely saved me many hours of looking. I had looked before and called several companies, and gotten no help.
Quote: "... FOSS projects are very particular about their UI, even if they don't know what they're doing..."
I've had the same experience with documentation. I've tried to help, but some FOSS programmers don't want their inadequate, poor quality explanations changed.
That's excellent. They're the right size, the smallest I've seen. However, in 10,000 quantities they cost $2.65. I'm surprised they are so expensive. That's more than the cost of an entire 8088 microprocessor.
We don't need a lot of functionality. We just need the RFID chip to say, "Hi, I'm 5633984." Or, whatever number was permanently assigned.
I should have said also that we need to be able to re-use the tags.
Thanks. That's interesting. However, the smallest RFID tags they have are 1.5 inches x 0.89 inches.
It seems that the limiting factor in RFID adoption worldwide is that all the makers are trying to serve companies who are using RFID tags for large boxes of inventory. There don't seem to be any forward-thinking manufacturers.
Apparently the manufacturers want to charge $1 per tag and want the users to throw the tags away after use.
We need small tags with a limited range. We need each tag to have a unique random number code. We don't need to be able to change the codes.