I have been reading [and reading and reading] about using WinXP's encryption. MS says it's very secure - if the HD gets stolen, it's unlikely anyone can crack the encryption. You also have to set your pagefile and recent/temp folders to clear on shutdown and close any encrypted files before going into hibernation, etc.
I set up a trial folder and encrypted some file copies, designated a user account different from my own as the recovery agent, and generated a recovery certificate using the cipher /r:filename command. I then logged into the recovery agent account and tried to import the certificate, but the certificate didn't show up in the wizard. I may have been supposed to generate the recovery certificate in the recovery agent account. The instructions weren't very clear.
Because the instructions aren't all that clear in places, I'm worried about getting locked out of the files.
The encryption key generated is based on the user's pw - I'm assuming that of the user who owns & encrypts the file, not the recovery agent. What happens if you change your pw regularly per security recommendations? What happens if you have to use the password reset feature?
My understanding of SIDs is that you can change the password and username on an account - just don't delete the account if there are any files in it you want to be able to access ever again. But I don't know if a new encryption key is generated with a new pw. I'd think surely not - once the key is generated for a user account it stays the same. So you could use a really good pw when you generate your key and then switch to a more user-friendly one.
You have to back up the SAM registry hive because a corrupted SAM can lock you out. Does SAM back up reliably from w/in the registry [export]? [I tried using ERUNT to back up my registry, but it crashed]
If you back up your files using Windows Backup so your encrypted files remain encrypted, and your system crashes and you have to reinstall Windows, which generates a new SID, are you now locked out of your backup files?
Has anyone actually used Windows encryption and knows how to set it up securely and safely?
Are there affordable 3rd party programs that can securely encrypt files/folders and generate keys that don't rely on SAM and SIDs? If I'm ever going to take my tablet PC outside the house I have to figure this out.