Re: NTFS File Encryption Question



On Wed, 13 Apr 2005 12:25:01 -0500, "Don Burnette"
<d.burnette@xxxxxxxxxxxxxxxxxxx> wrote:

>Al Dykes wrote:
>> In article <a7no51p189d8qimdbdlqhsjh1r3sre09ba@xxxxxxx>,
>> NobodyMan <none@xxxxxxxx> wrote:
>>> I am certainly no expert on EFS and the XP implementation, but I do
>>> know it is tied to the SID of the user account in question. I
>>> strongly suspect that when you move the USB drive to the notebook,
>>> then import the certificates, it won't decrypt them because the SIDs
>>> on the two accounts don't match. They can't and never will.
>>
>> That doesn't sound right. If you export the keys to a floppy as a
>> disaster contingency plan the next machine you use the key on will
>> never have the same SID.
>
>
>Correct.
>
>Read up on encryption here:
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
>
>NTFS file encryption is not for the faint of heart. You take a risk when you
>encrypt. There is NO back door to get your files back if you find yourself
>in a situation where you can't access them. You must have a valid private
>key and certificate, and best to have a designated recovery agent.
>
>Remember, encryption is only as good as the password you have assigned to
>your account. It runs transparent. If someone wants at your files, and can
>figure out your password, then it does no good...
>
>It can be easy to have files encrypted, and without thinking you do a
>reformat, or find yourself in a disaster situation and have to reformat,
>only to find you can no longer access those important files you have
>encrypted. Or you find yourself in a situation where suddenly your user
>profile has become corrupt...
>
>I keep my private key and certificate separate, on both a floppy and a cdr,
>and put away in a safe place.
>I really probably don't need to use encryption, but I am paranoid and if my
>system should get stolen, or someone get access to it without my knowledge,
>I do not want them to easily be able to get to important personal
>information, like my financial files. But I realize, even with the
>precautions I take, I still run a risk of loss if I screw up, which can
>happen!
>
>So if you really believe you need encryption, and accept the risk, I
>strongly suggest to do a lot of reading on it, then encrypt some non
>important files, and test them, before encrypting your important files that
>you can't do without.
>
>Don Burnette

Well, as I said at the outset, I'm no expert in EFS. I've never used
it and never will, at least not in the personal computer setting. I
don't deal with state secrets needing this level of security, and
further, the XP implementation of it is too transparent as it is tied
to user accounts that are, for the most part (at least in home
computers) not protected by a password.

Not only that, but nobody in my military organization uses EFS at
work, for the very reason of what the EFS is tied to. It is just too
easy to crack a user account. Any secure computing is done on
standalone systems with extremely strict access rules and rights.
