coderman wrote:
> On 3/5/07, Michael Jardine <[EMAIL PROTECTED]> wrote:
>> Most enterprise encryption software has key recovery that can be managed
>> through your admin.
>
> i suppose this gets (back) to the heart of the matter: key management.
Actually there are a number of alternatives to key management that do not require a connection to the net to recover data or lost keys. There is a mechanism in one FDE product that allows key recovery with a string generated by a help desk person on a server after the user calls in information displayed on their screen. I can't recall exactly which of the several products I looked at recently does it that way. There is another that supposedly can be done all locally by following a process that is displayed pre-boot. I haven't actually seen it in action, so I don't know the details.

Then there is StrongAuth, which does it by having multiple certificates stored on a machine so that even if the owner of the computer is killed or otherwise incapacitated, a person who has a certificate on the machine can access the common data. This would work very well in emergency services, in that data entered by an EMT could be read by another EMT or by another role that has higher privileges, such as an emergency room nurse or doctor. I'm not totally clear on the process, having only looked at the model.

In any case, you are both quite correct, IMHO, that key and identity management is really the sticky wicket, not the actual encryption part, because of human factors.

Best,

Allen

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
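The two recovery models described in the post, the help-desk challenge/response code and the data key wrapped once per role holder, as an added example that is not from the mailing-list post or from any of the products it mentions. It assumes HMAC-SHA256 as the key-derivation function, a one-time XOR wrap of a 32-byte data-encryption key (DEK) standing in for AES key wrap, and passphrase-derived keys (PBKDF2) standing in for the per-role certificates; the machine ID, role names and passphrases are constructed. The point it shows is that the laptop keeps only the wrapped DEK, a salt and a key check value, so recovery works offline while the help desk never handles the DEK.

```python
import base64
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes of data-encryption key (DEK)
PBKDF2_ROUNDS = 100_000


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_check_value(dek: bytes) -> bytes:
    # Stored beside the wrapped DEK so the client can tell a correct unwrap
    # from a mistyped code without keeping anything that reveals the DEK.
    return hashlib.sha256(b"fde-kcv" + dek).digest()[:8]


def encode_code(raw: bytes) -> str:
    # Base32 in groups of four: the alphabet (A-Z, 2-7) reads cleanly over a phone.
    s = base64.b32encode(raw).decode().rstrip("=")
    return "-".join(s[i:i + 4] for i in range(0, len(s), 4))


def decode_code(code: str) -> bytes:
    s = code.replace("-", "").replace(" ", "")
    return base64.b32decode(s + "=" * (-len(s) % 8), casefold=True)


class HelpDeskServer:
    """Escrow store keyed by machine ID (constructed stand-in for a real server)."""

    def __init__(self) -> None:
        self._secrets = {}

    def escrow(self, machine_id: str, recovery_secret: bytes) -> None:
        self._secrets[machine_id] = recovery_secret

    def response_for(self, machine_id: str, challenge: str) -> str:
        # The help desk never sees the DEK: it derives the unwrap key from the
        # escrowed secret and the challenge the user reads off the screen.
        key = hmac.new(self._secrets[machine_id], decode_code(challenge), hashlib.sha256).digest()
        return encode_code(key)


class FdeClient:
    """Pre-boot state of one laptop: wrapped DEK, salt and KCV, no recovery secret."""

    def __init__(self, machine_id: str) -> None:
        self.machine_id = machine_id
        self.salt = b""
        self.wrapped = b""
        self.kcv = b""

    def provision(self, server: HelpDeskServer, dek: bytes) -> None:
        # Generate the recovery secret, escrow it (this step does need the network),
        # wrap the DEK under a key derived from it, then forget the secret.
        recovery_secret = secrets.token_bytes(KEY_LEN)
        server.escrow(self.machine_id, recovery_secret)
        self.salt = secrets.token_bytes(16)
        unwrap_key = hmac.new(recovery_secret, self.salt, hashlib.sha256).digest()
        self.wrapped = xor_bytes(dek, unwrap_key)
        self.kcv = key_check_value(dek)

    def challenge(self) -> str:
        # Shown on the pre-boot screen together with the machine ID.
        return encode_code(self.salt)

    def recover(self, response: str) -> bytes:
        # Runs entirely offline: the typed response is the unwrap key.
        unwrap_key = decode_code(response)
        if len(unwrap_key) != KEY_LEN:
            raise ValueError("response code has the wrong length")
        dek = xor_bytes(self.wrapped, unwrap_key)
        if not hmac.compare_digest(key_check_value(dek), self.kcv):
            raise ValueError("response code rejected")
        return dek


def wrap_for_roles(dek: bytes, role_passphrases: dict) -> dict:
    # The same DEK wrapped once per role; passphrase-derived KEKs stand in for
    # the per-certificate keys of the multi-certificate model.
    wrapped = {}
    for role, passphrase in role_passphrases.items():
        salt = secrets.token_bytes(16)
        kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, KEY_LEN)
        wrapped[role] = (salt, xor_bytes(dek, kek))
    return wrapped


def unwrap_as_role(wrapped: dict, role: str, passphrase: str, kcv: bytes) -> bytes:
    salt, blob = wrapped[role]
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, KEY_LEN)
    dek = xor_bytes(blob, kek)
    if not hmac.compare_digest(key_check_value(dek), kcv):
        raise ValueError(f"credential for role {role!r} rejected")
    return dek


def demo() -> dict:
    # Constructed walk-through of both models with a constructed machine ID.
    dek = secrets.token_bytes(KEY_LEN)
    server = HelpDeskServer()
    laptop = FdeClient("LAPTOP-0042")
    laptop.provision(server, dek)
    code = server.response_for("LAPTOP-0042", laptop.challenge())
    helpdesk_ok = laptop.recover(code) == dek
    try:  # a response computed for the wrong challenge must not unlock
        laptop.recover(server.response_for("LAPTOP-0042", encode_code(bytes(16))))
        bad_rejected = False
    except ValueError:
        bad_rejected = True
    roles = wrap_for_roles(dek, {"emt": "field-unit-7", "er-nurse": "triage-desk"})
    nurse_ok = unwrap_as_role(roles, "er-nurse", "triage-desk", key_check_value(dek)) == dek
    return {"helpdesk": helpdesk_ok, "bad_code_rejected": bad_rejected, "nurse_reads": nurse_ok}
```

After a successful help-desk recovery the response code is effectively a reusable unlock secret for that laptop, so a deployment would re-provision with a fresh recovery secret the next time the machine is online; the escrow store on the help-desk side is the sensitive asset in both models and wants the same access controls as the certificates themselves.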
