Jim Henderson wrote:
> That's good to know - I know this can be implemented a number of
> different ways, and not being a Windows user, I wasn't sure which method
> was used.
The main drawback, of course, is that you're still limited by your login
password's length. You can't have a 90-character pass phrase locking the
files like you can in some other systems. But it's probably good enough
to keep out random curiosity seekers, general laptop thieves, and so
on. Just don't store your child porn that way and expect to get away
with it. I wouldn't trust lives to it, but it *is* convenient that you
can encrypt some files and not others.
Plus, I'm pretty sure that if you (say) encrypt files on a USB drive,
the actual private key to decrypt the files isn't on the drive itself.
Rather, it's only stored on the C: drive on the machine you log in
to[1]. So if you encrypt your backups, it's probably pretty secure, and
certainly better than nothing.
[1] Bonus points to any flames about AD, that you can install windows on
something other than C:, and so on.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
Darren New wrote:
> [1] Bonus points to any flames about AD, that you can install windows on
> something other than C:, and so on.
Writing "C:" is much shorter than writing "the local hard drive(s)". ;-)
I know nothing about file-level encryption on the Windoze platform (not
something I ever use), but I would *presume* that for local user
accounts, the encryption key is in the registry somewhere, whereas for
network user accounts it'll be in the Active Directory somewhere [where
the sysadmin can get at it].
I'm far more concerned about the fact that we routinely email stuff to
people using password-protected Zip files, which are apparently
trivially crackable. :-S Still, all those customers who are serious
about security make us use some kind of SSH/SSL encrypted remote access
system rather than just email. ;-)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
On Sun, 06 Jul 2008 10:48:57 -0700, Darren New wrote:
> Jim Henderson wrote:
>> That's good to know - I know this can be implemented a number of
>> different ways, and not being a Windows user, I wasn't sure which
>> method was used.
>
> The main drawback, of course, is that you're still limited by your login
> password's length. You can't have a 90-character pass phrase locking the
> files like you can in some other systems. But it's probably good enough
> to keep out random curiosity seekers, general laptop thieves, and so
> on. Just don't store your child porn that way and expect to get away
> with it. I wouldn't trust lives to it, but it *is* convenient that you
> can encrypt some files and not others.
What is the current max length of a Windows password? I know my
20-character password had to be cut down to 14 IIRC on WinNT and possibly
Win2K - the dumb thing seemed to be that when setting the password, the
password got truncated and then hashed, but when checking, it was hashed
as is (or vice versa), so if you set your password to a value that was
too long, you could never login.
> Plus, I'm pretty sure that if you (say) encrypt files on a USB drive,
> the actual private key to decrypt the files isn't on the drive itself.
> Rather, it's only stored on the C: drive on the machine you log in
> to[1]. So if you encrypt your backups, it's probably pretty secure, and
> certainly better than nothing.
That's handy.
> [1] Bonus points to any flames about AD, that you can install windows on
> something other than C:, and so on.
Not sure I follow here - unless you're saying that with AD the key isn't
stored on the local machine...
Jim
On Sun, 06 Jul 2008 18:15:55 +0100, Orchid XP v8 wrote:
>>> You do realize that if it's a company machine, he controls the boot
>>> order.
>>
>> Yes, but (IIRC) in this part of the discussion it was said that it
>> would be difficult for the manager of a company to prevent system
>> administrators from reading confidential information.
>>
>> If you are the manager, you can instruct system administrators to set
>> the desired boot order on your PC.
>
> If you are the manager, you can instruct the system administrators to
> keep out of your files. Why are we having this discussion again? ;-)
Because not all sysadmins follow their manager's instructions.
Jim
Jim Henderson wrote:
> What is the current max length of a Windows password?
I'm not sure, and it changes depending what you're doing. Just logging
in locally? Logging into a domain? Talking over SAMBA? Talking to a
non-windows-NT SAMBA? It's at least 14 characters, and if you make it
that long, the 7+7 broken hash in the login doesn't work any more.
(I.e., at 14+ characters, you can't brute force it nearly as easily as
at 13 characters, because Windows no longer exhibits the flaw that makes
it easy to crack.)
>> [1] Bonus points to any flames about AD, that you can install windows on
>> something other than C:, and so on.
>
> Not sure I follow here - unless you're saying that with AD the key isn't
> stored on the local machine...
Only that saying "C:" is a generic term, and I'm aware of that fact.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
Orchid XP v8 wrote:
> If you are the manager, you can instruct the system administrators to
> keep out of your files. Why are we having this discussion again? ;-)
That reminds me of a tip on how to enforce a singleton in C++; that is,
how to make sure no one instantiates a particular class. The following
code will do the trick:
// If you instantiate the following class you WILL BE FIRED!!!
class Singleton {
...
...Chambers
Darren New wrote:
>
> Plus, I'm pretty sure that if you (say) encrypt files on a USB drive,
> the actual private key to decrypt the files isn't on the drive itself.
> Rather, it's only stored on the C: drive on the machine you log in
> to[1]. So if you encrypt your backups, it's probably pretty secure, and
> certainly better than nothing.
>
And if you *need* those backups, 'cause the darn HD of the workstation
crashed, they are extremely secure? :)
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethis zbxt net invalid
Eero Ahonen wrote:
> So... If we have 4 men, with intelligences 1, 8, 9 and 9, the average is
> (1+8+9+9)/4=6,75, so 75% of men are more intelligent than average person
> (who, if he existed, would be over 6 times as intelligent as the dumbest
> one).
I usually drop the outliers (top and bottom quartiles) first. That
would leave us with (8+9)/2=8.5 average, with an even 50% split :)
...Chambers
scott wrote:
>> Very, very few people are capable of coming up with strong passwords
>> that they can actually remember.
>
> Especially when some stupid system forces you to change it every month.
>
This exact policy has led most passwords in the bank I work in to be a
combination of a random prefix and a numerical postfix. When it's time
to change the password, you just increment the postfix, and done.
...Chambers
Chambers wrote:
>
> This exact policy has led most passwords in the bank I work in to be a
> combination of a random prefix and a numerical postfix. When it's time
> to change the password, you just increment the postfix, and done.
Well done, if the prefixes really are random. Usually they go as
"monday.1", "monday.2" etc...
> ...Chambers
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethis zbxt net invalid
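Added example, not part of any post in this thread: a change-time check that flags the "same prefix, incremented postfix" rotation described in the two posts above. It assumes the change form supplies the current password in plaintext alongside the candidate; the function names, the separator set and the sample passwords are hypothetical.

```python
import re

# Separators people commonly put between the stem and the counter (assumed set).
SEPARATORS = "._-!#"

# Stem, optional separators, then a trailing run of digits: "monday.2", "Monday-03".
_COUNTER = re.compile(r"^(.*?)[" + re.escape(SEPARATORS) + r"]*(\d+)$")


def split_counter(password):
    """Return (normalised stem, trailing counter or None).

    An all-digit password has no stem, so it is treated as having no counter;
    otherwise any two numeric passwords would look like rotations of each other.
    """
    m = _COUNTER.match(password)
    if not m or not m.group(1):
        return password.rstrip(SEPARATORS).casefold(), None
    return m.group(1).casefold(), int(m.group(2))


def classify_change(current, candidate):
    """Classify a password change as 'ok', 'same-stem' or 'incremented-counter'."""
    cur_stem, cur_n = split_counter(current)
    new_stem, new_n = split_counter(candidate)
    if cur_stem != new_stem:
        return "ok"
    if cur_n is not None and new_n is not None and new_n == cur_n + 1:
        return "incremented-counter"
    # Same stem with a different, added or removed counter (or an unchanged password).
    return "same-stem"


if __name__ == "__main__":
    # Constructed sample pairs, not real credentials.
    samples = [
        ("monday.1", "monday.2"),
        ("xK4#pQ9", "xK4#pQ10"),
        ("Monday-03", "monday7"),
        ("summer", "summer1"),
        ("monday.2", "correct horse battery"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {classify_change(old, new)}")
```

A random prefix does not help here: once one password in the series is known, the stem is known for every later one, which is why the check compares stems rather than whole strings.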