[dba-Tech] [AccessD] Bitlocker

Michael R Mattys mmattys at rochester.rr.com
Thu Apr 10 06:08:43 CDT 2008


John,

Why are you encrypting your entire drive?
Or any of it, for that matter?
The benefit must outweigh the cost ...

Michael R. Mattys
MapPoint & Access Dev
www.mattysconsulting.com

----- Original Message ----- 
From: "jwcolby" <jwcolby at colbyconsulting.com>
To: "Access Developers discussion and problem solving" 
<accessd at databaseadvisors.com>; "Tech" <Dba-Tech at databaseadvisors.com>
Sent: Thursday, April 10, 2008 12:52 AM
Subject: [AccessD] Bitlocker


>I am setting up bitlocker to encrypt my entire hard drive using Vista.
> Rather an experience as I didn't set it up from the gitgo but it is
> progressing once I managed to get the little boot partition set up.  My
> Dell M90 has the TPM hardware and stuff which is cool.
>
> One thing I thought you might be interested in is my solution for
> storing the "catastrophe" keys required in case the configuration
> changes enough to trigger a refusal to boot.  Everywhere I turned I saw
> comments about the problem of safely storing the key so that it was
> available if needed but couldn't be found.
>
> My solution... a 1 mbyte Truecrypt volume that stores the keys inside.
>
> Not a perfect solution in that it requires mounting the usb thumb drive
> somewhere, running Truecrypt to get the key files out and placed on the
> thumbdrive unencrypted.  However the keys are encrypted and the little 1
> mbyte bitlocker key volume can be stored right on the bitlocker boot
> partition along with Truecrypt itself, as well as on a couple of my USB
> thumb drives.
>
> I have a 22 character password with alpha, numbers and special
> characters protecting the Truecrypt volume.
>
> At least if my laptop is stolen I can sleep at night without worrying
> about client data.
>
> So Vista is chugging away encrypting my hard drive.  Off to bed.
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> 




More information about the dba-Tech mailing list