Jonathan Schwartz 2 said:
Stephan,
More than compelling reasons to jump to Vista right now !!!
Do you have personal knowledge of *any* OS within the market place (other
than Microsoft) that offers an application as Vista's BitLocker?
Do you actually trust the company who invented Ctrl-Alt-Delete to encrypt
your entire drive so that you cannot get to your valuable business data if
some bug shows up in your drive or BitLocker?
While the concept of BitLocker is a good idea for laptops used on the road,
you'd better make sure that you back up your BitLocker'd drive at every
opportunity to unencrypted but physically secured media.
Additionally, the newly developed hash algorithms implemented within
BitLocker and EFS is a cipher never before known and/or experienced by the
computing industry.
I haven't looked into the details of BitLocker's encryption scheme nor of
Vista's EFS encryption scheme but having a never-before-known-or-experienced
encryption scheme is not a plus at all. I assume you're pulling this out of
your hat and not from inside knowledge.
Hiding the details of an encryption does not make it secure at all. Anyone
who develops a good encryption scheme and is confident in that encryption
scheme would gladly publish the details. First, there is huge academic
value and interest in that. The rewards of developing and publishing such a
scheme much more than outweigh the cost of sharing it. And any good
encryption will withstand the scrutiny of other experts in the field. Any
knowledgable user that requires a good encryption scheme would not use one
that had not passed such scrutiny by other experts.
Any cipher that can be cracked simply by, or more easily by, knowing the
implementation details is not secure at all. While I may not personally be
up to the task, there are certainly hundreds or thousands of scientists and
experts who could easily reverse engineer any implementation and get those
details anyway.
I used EFS on my home network, and I protected my certificates by exporting
them to a diskette and tucking it away safely in my safe. I lost quite a
few important files because they weren't backed up to unencrypted media.
After a crash and reload of the OS, I confidently extracted my stored
certificates to recover from my backups and found that my diskette could not
be read!
BitLocker and EFS are not toys for the weak-of-heart. These are serious
tools for those who are willing to put forth serious effort in managing the
security of files and document that warrant those measures.
Dale