[Full-disclosure] Re: Windows XP Home LSA secrets storesXP loginpassphrase in plain text (John Doe)
- From: Markus Jansson <seemyhomepage@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 07 May 2006 19:34:40 +0300
John Doe sayed:
> As what comes to EFS, once you get hold of the administrator
> account, you can decrypt the EFS for _all_ users on the computer. It
> doesn't matter how you acquired the password.
In Windows 2000 this is true, however, in Windows XP this is NOT TRUE. In Windows XP the EFS private key is encrypted using users passphrase and without the passphrase, you cannot decrypt it.
In Win2k this is not the case, in Win2k
1) Administrator is the (compulsory) recovery agent and can decrypt all EFS files anyway.
2) Users private keys are not stored encrypted in the system and anyone who can simply sign in with that users credentials (like with 3rd party tools) can decrypt users EFS files.
If you dont believe me, I promise to give you 10000 euros if you can decrypt my EFS files by simply signing into my computer as administrator. If you cannot do that, you will pay me 1000 euros, ok?
--
My computer security & privacy related homepage
http://www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] Full Disclosure "Code of conduct"
- Next by Date: Re: [Full-disclosure] IE7 Zero Day
- Previous by thread: [Full-disclosure] [ GLSA 200605-07 ] Nagios: Buffer overflow
- Next by thread: [Full-disclosure] [SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution
- Index(es):
Relevant Pages
|
