Hi!
I have seen several posts related to encryption/decryption filters. I have few questions.
- What is the objective of implementing such a filter?
- Many objectives like preventing a file being taken outside the organization on removable media can be achieved by just disabling them. Why is a filter needed?
- A user wants to keep all his information encrypted. He also wants to take the files on removable drives in encrypted form. And he has some more machines with the filter running on it. Whenever he wishes to open the file on those machines he will be prompted for the password. But cant this be done by utilities like WinZip? Of course it will not provide automatic encryption/ decryption on local machine.
This along with 1-2 minor uses did not seem to be a strong reason for building a commercial product of this kind.
The use of encryption/ decryption filter seems to be more wierd than the technical aspects.
May be my limited knowledge in the domain constrains me from getting a much broader picture.
Any suggestions and comments are invited.
Thanks!
Ayush Gupta
> he has some more machines with the filter running on it. Whenever he
wishes to open the file on those machines he will be prompted for
the password. But cant this be done by utilities like WinZip?
Try to work few days that way. Decrypt every file before you
want to use it, and of course encrypt it back when you are done.
I bet on 2 days at the most until you get angry 
Of course there is EFS, which gives a possibility to encrypt
files and also keep them encrypted all the time and accessible
for you if you are logged on. But sharing keys between more users
is almost impossible with EFS, and it also does not allow
to transfer encrypted file on removable media. It also does
not allow you to use encryption method, or to use files encrypted
by more different keys.
L.
EFS requires some knowledge to properly safeguard the keys so that recovery
is possible. For the paranoid, there is always the chance that there are
backdoors in EFS that permit some governments to obtain access to the data.
I don’t think real secure encryption can be possible without the use of
smartcards where the private key is never released. Even then I have seen
some articles on brute force attacks (and maybe some smart attacks) on
longer RSA key lengths.
A plug for our hosts follows as they (OSR) have an encryption/compression
file system kit available. I have not seen it nor heard from someone who
has used it, but from some of the snippets of information I have seen posted
it appears to be the only comprehensive solution to the problem. When
someone else holds the file system behaviors at their whim, there is no way
to filter it and keep stability and reliability where they should be. NTFS
is still undocumented and changes with each OS release. The new
transactions in NTFS hold many pitfalls for those writing encryption
drivers. NTFS does not offer both encryption and compression on the same
file/folder/drive. I think compression is useful with encryption in that
redundant data can be eliminated or reduced in size to make data analysis
more difficult.
“Ladislav Zezula” wrote in message news:xxxxx@ntfsd…
>> he has some more machines with the filter running on it. Whenever he
>> wishes to open the file on those machines he will be prompted for
>> the password. But cant this be done by utilities like WinZip?
>
> Try to work few days that way. Decrypt every file before you
> want to use it, and of course encrypt it back when you are done.
> I bet on 2 days at the most until you get angry
>
> Of course there is EFS, which gives a possibility to encrypt
> files and also keep them encrypted all the time and accessible
> for you if you are logged on. But sharing keys between more users
> is almost impossible with EFS, and it also does not allow
> to transfer encrypted file on removable media. It also does
> not allow you to use encryption method, or to use files encrypted
> by more different keys.
>
> L.
>
>
>
I’m not very current on this encryption/compression. But if I could
recall, encryption followed by compression does not give much compactness
since encryption makes the data not very amenable to compression.
Prehaps compression followed by encryption is an approach to see how much
compactness can be achieved …
-pro
EFS requires some knowledge to properly safeguard the keys so that
recovery
is possible. For the paranoid, there is always the chance that there are
backdoors in EFS that permit some governments to obtain access to the
data.
I don’t think real secure encryption can be possible without the use of
smartcards where the private key is never released. Even then I have seen
some articles on brute force attacks (and maybe some smart attacks) on
longer RSA key lengths.
A plug for our hosts follows as they (OSR) have an encryption/compression
file system kit available. I have not seen it nor heard from someone who
has used it, but from some of the snippets of information I have seen
posted
it appears to be the only comprehensive solution to the problem. When
someone else holds the file system behaviors at their whim, there is no
way
to filter it and keep stability and reliability where they should be.
NTFS
is still undocumented and changes with each OS release. The new
transactions in NTFS hold many pitfalls for those writing encryption
drivers. NTFS does not offer both encryption and compression on the same
file/folder/drive. I think compression is useful with encryption in that
redundant data can be eliminated or reduced in size to make data analysis
more difficult.
“Ladislav Zezula” wrote in message news:xxxxx@ntfsd…
>>> he has some more machines with the filter running on it. Whenever he
>>> wishes to open the file on those machines he will be prompted for
>>> the password. But cant this be done by utilities like WinZip?
>>
>> Try to work few days that way. Decrypt every file before you
>> want to use it, and of course encrypt it back when you are done.
>> I bet on 2 days at the most until you get angry
>>
>> Of course there is EFS, which gives a possibility to encrypt
>> files and also keep them encrypted all the time and accessible
>> for you if you are logged on. But sharing keys between more users
>> is almost impossible with EFS, and it also does not allow
>> to transfer encrypted file on removable media. It also does
>> not allow you to use encryption method, or to use files encrypted
>> by more different keys.
>>
>> L.
>>
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>