[EMAIL PROTECTED] wrote:
>
> I tend to agree with the contention made in a current
> thread, viz., "Full disk encryption must have administrative
> password recovery for it to be effective" as I have too
> much experience with people losing things about the time
> they are fired, etc. (Some of my past involves running
> large computing centers.)
>
> So far as I know, no recovery mechanism uses threshold
> cryptography ("split-key"), but I'd be intrigued if any
> did. Yes, I've written papers on this[1], so my interest
> is a little more than idle curiosity. If wanting to get
> really particular, the idea of having a 2-for-3 quorumed
> split where the laptop has one, a token contains another,
> and the administrator has the third, is lightly described
> in example 3 of the paper.

You might want to look closely at StrongAuth.

Commercial: http://www.strongauth.com/index.php
FOSS: http://www.strongkey.org/

They are doing some very interesting stuff in encryption key
creation and data loss prevention due to encryption keys being
lost or unavailable and using their work to support the FOSS version.

I cannot claim to be any kind of expert in the validity of their
model or whether there might be security holes that are not yet
discovered but given that it is FOSS it is likely it will get
beat on pretty thoroughly as people come to know about it.

Best,
Allen
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde