Decrypt the latest features in Windows Vista 5270

We know that at the end of December, Microsoft will complete the full functionality of Vista, but the tester will wait until next February CTP to be available. So we're getting closer to a full-featured vista, and this part is about the new Vista features.

First, Palladium Guardian: Safe Start and BitLocker

A few years ago, when Bill Gates revealed that he spent at least half his time on Longhorn, the concept of Trustworthy Computing was raised. Since then, this system, which was originally called Palladium and later renamed NGSCB (Next Generation Secure Computing Base), is challenged in many ways, Because people are beginning to realize that it will be used to capture the user's control over their own machines.

However, to use this system, the PC must have an Intel tmp (Trusted Platform Module) security chip. TMP interacts with the Palladium software in Vista, offering a number of security service options. These services are optional, not only because only a handful of Vista-compliant PCs are starting to include this hardware, but because Microsoft has converged on the program since 2002. In short, the focus on palladium and TPM may be correct.

The NGSCB service actually consists of two features: Secure boot and bit Locker, the latter for full volume encryption.

Security boot ensures that the PC will not be tampered with since it was last started, and it protects the PC from violent electronic attacks with attached storage devices. The goal is physical security, which is an effective way to prevent physical cracking without worrying about data leaks due to hardware loss. Once this feature is turned on, you can no longer use CD/DVD, USB devices, bootable floppy disks to boot the system. The security boot feature also exists in previous Vista.

In 5270, we can finally get into bit locker, which was formerly called Full Volume Encryption (all volume encryption). Bit Locker inherits from EFS (Encrypting File System, encrypting filesystem) and applies to the entire hard drive. It is also for physical security settings to prevent people with ulterior motives from accessing hardware.

The security boot can be accessed through the Control Panel, but you won't see much more if you don't have TPM hardware support. If you have a TPM compatible system, you can turn on a secure boot, or you can turn on bit locker full volume encryption. If you choose to turn this on, Microsoft will take you through a lengthy process that involves several reminders and creates a recovery key that, if lost, will not be able to access the encrypted file later. You can also save the recovery key as a 48-bit password and copy it to a folder or USB memory if you wish. It takes a while to encrypt a small hard drive. Once encrypted, the user will not notice what is essentially different.