BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Full disk encryption

Subject: [Discuss] Full disk encryption
From: richard.pieri at gmail.com (Richard Pieri)
Date: Tue, 3 Jan 2012 19:48:39 -0500
In-reply-to: <CAOxrMGgEWPjQ=kJJpnxNVhN5BLB4U8HwuROY1f7KHMRxD=tFVg@mail.gmail.com>
References: <4F025206.5000905@vl.com> <CADdmjq9qj_jN+0y+RC1-5RYFmUFYQcQ6QRkvtrMgYrnH8GkgiQ@mail.gmail.com> <CAOxrMGgEWPjQ=kJJpnxNVhN5BLB4U8HwuROY1f7KHMRxD=tFVg@mail.gmail.com>

On Jan 3, 2012, at 9:09 AM, Kyle Leslie wrote:
> 
> One of the huge benefits I think is that the encryption keys/recovery keys
> can be stored in AD.  So that if you need to unlock or change the drives
> around you don't need to have the user store that some place to get
> lost/stolen.  It stores in AD and can be recovered when we need it.

This is, of course, the singular benefit of key escrow.  Of course, if your AD is compromised then the attacker has access to *all* of your escrowed keys.

--Rich P.

References:
- [Discuss] Full disk encryption
  - From: tmetro-blu at vl.com (Tom Metro)
- [Discuss] Full disk encryption
  - From: omegahalo at gmail.com (Chris O'Connell)
- [Discuss] Full disk encryption
  - From: fbxxkl at gmail.com (Kyle Leslie)

Prev by Date: [Discuss] Full disk encryption
Next by Date: [Discuss] Full disk encryption and backups
Previous by thread: [Discuss] Full disk encryption
Next by thread: [Discuss] Full disk encryption
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org