Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Laptop encryption

2»

Comments

  • #32
    Tinytony
    Registered Users, Registered Users 2 Posts: 525 ✭✭✭Tinytony


    Sorry to drag this up again.

    Am I right in saying that if a user forgets there password for Truecrypt then they are completely locked out of that machine forever? Is there any method of recovery or an over riding admin password that can be used?

    I just don't think I could trust these users to remember their passwords and I obviously don't want to record their passwords on a file.


  • #33
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    in the FAQ it says you'd have to crack the password.

    you could put the passwords in a file, encrypt it and store on cd-rom..place in a book shelf or somewhere it won't get lost or damaged, just incase you need to recover any data.


  • #34
    Tinytony
    Registered Users, Registered Users 2 Posts: 525 ✭✭✭Tinytony


    Martyr wrote: »
    in the FAQ it says you'd have to crack the password.

    you could put the passwords in a file, encrypt it and store on cd-rom..place in a book shelf or somewhere it won't get lost or damaged, just incase you need to recover any data.

    Ya that is what I was thinking of doing but I wasn't entirely happy with the idea the passwords all being written down together.

    With Safeboot you could have a master account that could access any machine, without needing to know the individual user passwords. But with true crypt being a free software I suppose you can't really expect to have the same level of "enterprise" features available.


  • #35
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    With Safeboot you could have a master account that could access any machine, without needing to know the individual user passwords. But with true crypt being a free software I suppose you can't really expect to have the same level of "enterprise" features available.

    that definitely would be useful, if you made a donation/request they might implement such a feature :)

    actually, there appears to be some kind of rescue disk, would that work?

    http://www.truecrypt.org/docs/rescue-disk


  • #36
    Tinytony
    Registered Users, Registered Users 2 Posts: 525 ✭✭✭Tinytony


    Martyr wrote: »
    that definitely would be useful, if you made a donation/request they might implement such a feature :)

    actually, there appears to be some kind of rescue disk, would that work?

    http://www.truecrypt.org/docs/rescue-disk

    Na, I was just testing that there. The rescue disk is only in the event the Boot Loader gets corrupted or repairing the master key data, but again you need to have the correct password to boot up after the repair.

    I think I might just go with the Encrypted Container option, make it IT policy that any company or client data must be stored within this container and leave the onus back on the user to use the encryption software that I so kindly made available to them.

    It's far from ideal but at least I can say I made the effort to provide them with a secure encrypted way of transporting client files.


  • Advertisement
  • #37
    fergalr
    Registered Users, Registered Users 2 Posts: 1,922 ✭✭✭fergalr


    Tinytony wrote: »
    Na, I was just testing that there. The rescue disk is only in the event the Boot Loader gets corrupted or repairing the master key data, but again you need to have the correct password to boot up after the repair.

    I think I might just go with the Encrypted Container option, make it IT policy that any company or client data must be stored within this container and leave the onus back on the user to use the encryption software that I so kindly made available to them.

    Users won't do that. There will be programs storing unencrypted temporary copies of important documents outside the container, unless users are extremely careful. Also, users will accidentally leave important documents on the desktop. It's still better than nothing, but better off with whole disk encryption.
    If you are critically concerned that they won't be able to use a computer at all if they use their passwords, maybe give them some sort of bootable liveCD or usb key. Or just make them remember their password - if they are entering it in every day, they won't forget it.
    Tinytony wrote: »
    It's far from ideal but at least I can say I made the effort to provide them with a secure encrypted way of transporting client files.


    What's wrong with storing the passwords encrypted at some sort of a secure location? How is this any different than having a rescue/recovery disk at a secure location? In either case you have to trust the person that has the passwords or the rescue disk.


Advertisement