Re: [Fed-Talk] Filevault and FIPS
Re: [Fed-Talk] Filevault and FIPS
- Subject: Re: [Fed-Talk] Filevault and FIPS
- From: "Wm. Cerniuk" <email@hidden>
- Date: Wed, 17 Dec 2008 14:31:15 -0500
Here's the problem, the recovery password is still valid until the computer connects to the home network and talks to the PGP server.
Essentially the recovery password becomes another password for the user until the user logs in and the password dies. The user's password is active from that point forward. The reset password is active until it gets to a network connection.
The user is in control of both password equally until the reset is taken away. Can the user do something different with the reset password that they have not done before ... or that they cannot with their password? Isn't it essentially a temporary password to protect like the normal one?
V/R, Wm. Cerniuk On Dec 17, 2008, at 1:50 PM, Allan Marcus wrote: PGP has a fatal flaw, IMHO. If the end user forgets or needs to have the password changed, the end user calls the help desk. The help desk simply looks up the end users computer in a database and provides a recovery password. The end user uses the recovery password and can reset her own password. Here's the problem, the recovery password is still valid until the computer connects to the home network and talks to the PGP server.
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden