Re: efs and "encryption" overall... help?
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/14/04
- In reply to: jjd228_at_NOSPAMoptonline.net: "efs and "encryption" overall... help?"
Date: Thu, 14 Oct 2004 14:30:23 -0500
Just to add to Mike's advice: in addition to using strong passwords that
require password complexity and at least eight characters, be sure to disable
storing of the LM hash on the computer. It is easy to reset the built-in
administrator's password on any computer that a hacker has full physical
access to. If that happens, the attacker could use something like LC5 to
crack the user's password to access their EFS private key. LM hashes are
extremely easy to crack.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656& -- how to
disable LM hash. Note that the password must be changed to erase the existing
LM hash.

To be absolutely sure that an attacker cannot access EFS encrypted files,
the user must export and delete their EFS certificate and private key to a
.pfx file. Windows 2000 requires the use of a Recovery Agent while
Windows XP Pro does not. A Recovery Agent private key left on the computer
could also be used to decrypt a user's EFS files. XP Pro also uses much
stronger encryption to encrypt EFS files, not that it would be easy to crack
Windows EFS files without a LOT of horsepower and a very long time. Long
enough to probably make the data long obsolete. Keep in mind that with XP
Pro more than one user may be able to decrypt the file if the original
user added other users to the list and their private keys exist on the
computer. Efsinfo can list what users and Recovery Agents can decrypt a
specific file.

--- Steve

<jjd228@NOSPAMoptonline.net> wrote in message
news:bLvbd.6321$Fe6.1690871@news4.srv.hcvlny.cv.net...
> What can a person do if they want to encrypt the contents of their
> hard drive so that even if someone physically removed the drive, nothing
> would be readable?
>
> Here's how I understand EFS as it works with MS Windows....
> I can encrypt a file, folder, or even a whole drive. At the time of the
> first encryption a certificate is created that is used to decrypt those
> files. If you remove the certificate, then log off and back on, you will
> not have access to the previously encrypted files. All good so far? But
> what good is this if the certificate is stored on the same drive? I'm sure
> it could be obtained and used to decrypt files if the drive was removed.
> Obviously even the strongest password on your user account does nothing to
> help if you don't use encryption because, again, physically removing the
> drive and connecting it to another machine will get around the logon
> password. So my question, again, is: how can a person encrypt the contents
> of a hard drive in such a way that the ONLY way to access the files on
> it would be to successfully log on as the user who originally encrypted the
> files? In this way a strong password would make it mathematically unlikely
> that your files would be read by anyone. Thanks in advance.
>
>
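
Added example, not part of the original thread: a PowerShell check of the three exposures the reply describes (LM hash storage, EFS or Recovery Agent private keys left in the certificate store, and who can decrypt a given file). It assumes a current Windows system with PowerShell 3 or later; `cipher /c` is used here in place of Efsinfo, and the file path is a placeholder.

```powershell
# Added example, not from the thread. Run as the user who owns the EFS files.

# 1. LM hash storage: NoLMHash = 1 stops Windows from storing new LM hashes.
#    Hashes stored earlier remain until each account's password is changed.
$lsa  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$noLm = ($lsa.NoLMHash -eq 1)

# 2. EFS and recovery-agent certificates in this user's store whose private
#    key is still on the machine (the reply advises exporting them to a .pfx
#    file and deleting them). EKU OIDs: Encrypting File System, File Recovery.
$efsOids = '1.3.6.1.4.1.311.10.3.4', '1.3.6.1.4.1.311.10.3.4.1'
$onDisk = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    @($_.EnhancedKeyUsageList.ObjectId | Where-Object { $_ -in $efsOids }).Count -gt 0
})

# 3. Users and recovery agents able to decrypt one file.
#    $file is a placeholder path; replace it with a real encrypted file.
$file   = 'C:\Path\To\EncryptedFile.txt'
$access = if (Test-Path -LiteralPath $file) { & cipher.exe /c $file } else { 'file not found' }

# Summary object: a false NoLMHashSet or any entry in PrivateKeysOnDisk
# corresponds to an exposure described in the reply.
[pscustomobject]@{
    NoLMHashSet       = $noLm
    PrivateKeysOnDisk = $onDisk | Select-Object Subject, Thumbprint, NotAfter
    FileAccess        = $access
}
```

The certificate check covers only the store of the account running it, so repeat it under any account designated as a Recovery Agent.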