I tend to agree with the contention made in a current
thread, viz., "Full disk encryption must have administrative
password recovery for it to be effective" as I have too
much experience with people losing things about the time
they are fired, etc. (Some of my past involves running
large computing centers.)
So far as I know, no recovery mechanism uses threshhold
cryptography ("split-key"), but I'd be intrigued if any
did. Yes, I've written papers on this[1], so my interest
is a little more than idle curiousity. If wanting to get
really particular, the idea having a 2-for-3 quorumed
split where the laptop has one, a token contains another,
and the administrator has the third, is lightly described
in example 3 of the paper.
--dan
[1] Geer D & Yung M, "Threshold Cryptography for the Masses,"
Sixth International Financial Cryptography Conference,
11-14 March 2002, Southampton, Bermuda.
http://geer.tinho.net/geer.yung.pdf
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
