XP EFS: are forensics progs cracking it now?

  • Thread starter Thread starter Joe Admin
  • Start date Start date
Joe said:
I hear that the newest version of Encase cracks EFS
Click to expand...

Not exactly. It doesn't "crack" it at all.

http://www.guidancesoftware.com/products/downloads/efs-datasheet.pdf

Notice how they are careful to specify they are talking about "locally
authenticated" users. In other words, episode 237 of "Why its a bad idea to
store the encryption keys along side the encyrypted data", also known as
"Why you should ideally be using EFS in a domain environment."

Enjoy.


--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.
 
Everything is crackable given time and knowledge. It is my understanding
that as long as the system is still running or accessible that set the EFS
Microsoft has a tool for FBI, etc... to be able to decrypt the information.
 
Jeremy;
What is your source?
If there were such a tool, toe people that watch over privacy would be
all over the FBI and Microsoft.
 
Looks like they try to crack user's passwords if they don't have them. If
the key material is on the machine (almost always), EFS is only as strong as
the user's password.
 
Drew said:
Looks like they try to crack user's passwords if they don't have
them. If the key material is on the machine (almost always), EFS is
only as strong as the user's password.
Click to expand...

As a practical matter with most peoples passwords thats "Not Very", then.
But from the standpoint of the strength or weakness of the encryption, there
is nothing new to see here.

Thats my take on it anyhoo.

--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What threats are EFS (Encrpypting File System) trying to protect? 2
New EFS tool available - EFS Certificate Configuration Updater 14
EFS access 2
Help with EFS 1
XP and EFS 3
Certificate template for EFS 1
RSAKeyLength setting for EFS - XP or Vista only? 5
Changing computers with EFS documents 1

Back
Top