jwcolby
jwcolby at colbyconsulting.com
Wed Apr 9 23:52:30 CDT 2008
I am setting up BitLocker to encrypt my entire hard drive using Vista. Rather an experience, as I didn't set it up from the get-go, but it is progressing once I managed to get the little boot partition set up. My Dell M90 has the TPM hardware and stuff, which is cool.

One thing I thought you might be interested in is my solution for storing the "catastrophe" keys required in case the configuration changes enough to trigger a refusal to boot. Everywhere I turned I saw comments about the problem of safely storing the key so that it was available if needed but couldn't be found.

My solution... a 1 MB TrueCrypt volume that stores the keys inside. Not a perfect solution, in that it requires mounting the USB thumb drive somewhere, running TrueCrypt to get the key files out and placed on the thumb drive unencrypted. However, the keys are encrypted, and the little 1 MB BitLocker key volume can be stored right on the BitLocker boot partition along with TrueCrypt itself, as well as on a couple of my USB thumb drives. I have a 22-character password with alpha, numbers and special characters protecting the TrueCrypt volume.

At least if my laptop is stolen I can sleep at night without worrying about client data.

So Vista is chugging away encrypting my hard drive. Off to bed.