RE: Encrypted partition solution for Windows OSes?

From: Colin Stefani (cstefani@tideworks.com)
Date: 03/22/02


From: Colin Stefani <cstefani@tideworks.com>
To: "'Brian Burrington'" <Brian.Burrington@LABONE.com>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Fri, 22 Mar 2002 14:52:11 -0800

Look here:

http://www.pgpi.org/

Check out GPG and PGP (PGP disk is here too). This an international PGP site
that makes PGP available to all people, rather than just inside the US they
took the PGP open source in print form and OCR scanned it, proofed it and
rebuild PGP under it's GNU license for worldwide distribution.

It's not commercial, which depending on your company, may make people
nervous. However it's the same source as NAI's. PGPDisk is available here
too. Since NAI doesn't have a patent or rights over the actual encryption
code and initial software, they could only package it and additional
functionality to the public code. This means that almost all of this source
is public anyway in one form or another. So commercial or not, it's still
moving forward in development.

Have you looked at EFS and requiring a SmartCard sign on only to the laptop?
I think there is some work going on with that too. Also, you could try
looking at biometric solutions that intergrate with Windows login. I don't
know of those but it's worth a look.

-colin

-----Original Message-----
From: Brian Burrington [mailto:Brian.Burrington@LABONE.com]
Sent: Friday, March 22, 2002 11:38 AM
To: 'focus-ms@securityfocus.com'
Subject: Encrypted partition solution for Windows OSes?

Howdy,

As I have the sneaking suspicion that this problem has already been
solved by others, I'm asking the list for advice.

I am looking for a "PGP Disk" like utility that will run on Win9x,
Win2000Pro, and Win XP.
Specifically, we'd like to be able to encrypt a partition on our executives'
laptops,
and provide them with the key on either a business card sized CD-R or USB
"keychain drive".

Also, I've done some looking into the Win2000 EFS (encrypted file system)
and I'm not 100% convinced that it's a good solution. My definition for a
"good solution" as relates to this business need is that in the event an
exectutive's laptop is stolen, the
person(s) who are in
possession of the system will not be able to access the contents of the
encrypted partition
(with the understanding that a beowulf cluster of Cray supercomputers or the
like might be
able to do it). :-)

Now that PGP Disk is no longer available from NAI, does anyone know of any
alternatives, either
commercial, Open Source, or FSF liscensing is acceptable.

Thanks in advance for any suggestions.

B.

This transmission (and any information attached to it) may be confidential
and is intended solely for the use of the individual or entity to which it
is addressed. If you are not the intended recipient or the person
responsible for delivering the transmission to the intended recipient, be
advised that you have received this transmission in error and that any use,
dissemination, forwarding, printing, or copying of this information is
strictly prohibited. If you have received this transmission in error, please
immediately notify LabOne at (800)388-4675.