10 Dec
2010
10 Dec
'10
8:29 a.m.
On 12/10/2010 8:21 AM, Florian Weimer wrote:
I believe EFS is available in Windows XP and Windows 2003 Server, too.
Software-based solutions have the advantage that they are somewhat more testable and reviewable. If it's all in the disk, you can't really be sure that the data is encrypted with a static key, and the passphrase is used for access control only. The latter approach seems to be somewhat common with encrypting storage devices, unfortunately.
After some research, I find that recovery of EFS (available for Win 2000/2003/XP/Vista/7) encrypted files in the case of disaster can be problematic. It has to do with keys, file ownerships, etc., etc., etc. Plan for disaster and know how to recover before you encrypt with EFS. --Curtis