|
|
On Fri, 04 Jul 2008 11:40:39 +0200, scott wrote:
> Just use Windows built-in encryption, that works off your login password
> doesn't it? Even if the admin can remotely log in, they won't be able
> to read your encrypted files unless they somehow get your password.
If the built-in encryption keys off the login password only (ie, the
login password just unlocks the encryption key), then as an admin, you
just have to change the user's password. If there is a weakness to
encfs, that's what it is as well - the key is stored in an encrypted
keystore that's locked with the password (so I understand). But it's not
the login password, so if you root my machine and change my login
password, you're still not getting at the encrypted files.
Still, you could use something like truecrypt to get around that if it's
that critical the data be unreadable without the key.
> Or just zip things up with a password.
That's a pain to use, though - used to do that back in the early 90's - I
even wrote a wrapper program that took a randomization key and generated
a 256-character pseudo-random pkzip password for that purpose. Always
had to purge deleted files from the system after working on the code a
bit (old NetWare server, 2.15 and then 3.11).
If you don't securely wipe the unpacked files after you're done with
them, then they can be recovered from the drive with relative ease. And
while you're using them, the files are exposed.
Jim
Post a reply to this message
|
|