Re: EFS decryption under XP
Steffen wrote on Wed, 06 Apr 2005 11:39:49 +0200:
> Hi all,
>
> I found some news last month saying that the EFS under Windows XP is not
> secure anymore. It can be decrypted by a Russian tool called "Advanced EFS
> Data Recovery" (AEFSDR).
>
> Is that true and proven or only a canard?
From a quick scan of the info on the Elcomsoft site (who wrote the tool), it
appears to work, but only if the private keys can be decrypted (i.e. not
damaged or missing, and, if syskey has been used, only if the syskey key is
available to decrypt the private keys). I've only glanced over the
documentation, so I might be wrong.
http://www.elcomsoft.com/aefsdr.html
http://www.elcomsoft.com/help/aefsdr/index.html
Dan