Someone say, "Security"?

Yes, whole disk security.

Article recently found on the net: (presented in public interest.)

"After reading about several laptop thefts and losses, my boss wants me to set up whole disk encryption for her Vista travel laptop. After doing some research, it seems she has three options: Bitlocker (part of Vista Ultimate), PGP Whole Disk Encryption, and TrueCrypt. My main problem now is choosing one. Can someone help me?"

OK; I use all three, PGP Whole Disk Encryption on one machine, TrueCrypt on another, and one server has a TPM, so it, and its RAID arrays are BitLocker protected.

Each addresses slightly different security concerns. If you want to encrypt your disk with a password, and that's all you need, any of these will do the trick. If you want a hardware cryptographic token, so a thief can't obtain your encryption key by brute force, go with PGP Whole Disk Encryption, or BitLocker that supports a TPM with PIN functionality.

BitLocker is probably the easiest to implement, as you just install it, run software to check and partition the root disk. Then, save the recovery key on a USB flash drive (well away from the laptop). You can also save the recovery key on a TrueCrypt volume too. Once Bitlocker is enabled, the security of the machine will be the user passwords (especially any user with Administrator rights.) Make sure you have a decently long (16 characters, preferably more than 20) password to log on with. If you use BitLocker with a PIN and the TPM, you can get away with shorter user passwords if you hibernate or shut down.

Disadvantage of BitLocker -- Requires a TPM for decently secure functionality. TPM enabled laptops are rare, and desktops are rarer still, unless you explicitly buy a motherboard with one, or a "corporate" desktop.

Visit www.full-disc-encryption.com and Trusted Platform Module for more information.

TrueCrypt is a very good solution. It is licensed at no charge (donations are recommended), and is very secure. However, its intended for a single user machine. Using multiple passwords with it is kludgy at best. However for a single user, its very secure once enabled, and you burn a TC recovery CD.

PGP Whole Disk Encryption is the most versatile. It can use a TPM, USB flash drive, smart card, eToken, or none of the above, and use multiple ones in a list to authenticate for a hard disk to work. For example, my laptop has an eToken for hardware security, but as an emergency, I have a very long recovery passphrase if the eToken gets lost or someone locks it by too many guesses. Another example is a friend of mine who has a TPM on his laptop, but if that fails for some reason, he has two eToken keys as backup. PGP Whole Disk has a very good reputation, and is by far best solution for a business IT environment.

You can't go wrong with any of the three listed.

There's a fourth option: SafeBoot. Do not use SafeBoot on Windows Vista if you already use BitLocker.

NOTICE: Author and presented entities are not affiliated with Freedom School.

Specialty Areas

All the powers in the universe seem to favor the person who has confidence.

More & Other Information - Resource Pages
Admiralty related items		Belligerent Claimant
Bonds		Attention Signing the Constitution Away
Citizenship / nationalty related items		Education
Graphics		History
Jerry Kirk		Aware
Jurisdiction		Law related items
Lewis Mohr		Luis Ewing
Money		Oath related items
Reading Material		Reading Room
Stuff		Tax matters
Travel related		Truth
		Video

CONSIDER DAYLIGHT SAVINGS TIME WHERE APPLICABLE
PACIFIC	MOUNTAIN	CENTRAL (GMT -06:00)	EASTERN
www.timeanddate.com

NOTICE: The information on this page was brought to you by people who paid this website forward so that someone such as you might also profit by having access to it. If you care to do so also please feel encouraged to KEEP THIS SITE GOING by making a donation today. Thank you.

Freedom School is not affiliated with the links on this page - unless otherwise stated.

Freedom School information served for educational purposes only, no liability assumed for use.
The information you obtain at this site is not, nor is it intended to be, legal advice.
Freedom School does not consent to unlawful action.
Freedom School advocates and encourages one and all to adhere to, support and defend all law which is particularly applicable.
Information is intended for those men and women who are not "US CITIZENS" or "TAXPAYERS" - continued use, reference or citing indicates voluntary and informed compliance.

Freedom School is a free speech site and operation as there is no charge for things presented
this site relys on this memorandum and others in support of this philosophy and operation.
The noteworthy failure of the government or any alleged agency thereof to at any time rebut anything appearing on this website constitutes a legal admission of the fidelity and accuracy of the materials presented, which are offered in good faith and prepared as such by Freedom School and third parties affiliated or otherwise. If the government wants to assert that any of the religious and/or political statements that are not factual appearing on this website are in error, then they as the moving party have the burden of proof, and they must responsively meet that burden of proof under the Administrative Procedures Act 5 U.S.C. §556(d) and under the due process clauses found in the Fifth, Sixth, and Seventh Amendments to the national Constitution BEFORE there will be response to any summons, questions, or unsubstantiated and slanderous accusations. Attempts at calling presented claims "frivolous" without specifically rebutting the particular claim, or claims, deemed "frivolous" will be in deed be "frivolous" and prima facie evidence that shall be used accordingly. Hey guys, if anything on this site is found to be in error a good faith effort will be made to correct it in timely fashion upon notification.

H O M E