[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pidgin-support
Subject:    Re: Password encryption
From:       John Bailey <rekkanoryo () rekkanoryo ! org>
Date:       2008-03-17 20:15:25
Message-ID: 47DED15D.7010301 () rekkanoryo ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Venkatasamy,Venkat wrote:
> The helpdesk support team will have local admin access in all the
> computers. The members will be able to access the profile folders for
> all users. In this case, I belive this is a not a secure solution.

Local administrator access in itself, even to the server on which profile=

directories are stored, is not enough to decrypt the file if you are usin=
g an
Active Directory domain and your users are logging in via domain accounts=
=2E  In
this scenario, only the user and the encryption administrator (which defa=
ults to
the domain's first Administrator account) at the time of the file's origi=
nal
encryption would be able to decrypt the file.

Local administrator access via an administrative account other than the d=
efault
built-in administrator account would also be insufficient where the users=
 are
logging into standalone machines with local user accounts, as the encrypt=
ion
administrator on a standalone machine defaults to the built-in local
administrator account.

While it's not perfect, NTFS encryption does give a reasonable form of
protection when used intelligently.  There are a number of explanations o=
f this
around on the web, as well as a number of Microsoft publications (includi=
ng the
MCP, MCSA, and MCSE training kits for the Windows 2000 Server/Advanced Se=
rver
and Windows Server 2003 products), that cover this topic quite well.

Of course, there is no such thing as unbreakable encryption.  Anyone who =
wants
your data will get it with sufficient time, computing power, and determin=
ation.

John


["signature.asc" (application/pgp-signature)]

_______________________________________________
Support mailing list
Support@pidgin.im
http://pidgin.im/cgi-bin/mailman/listinfo/support


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic