RE: How to get my encrypted files back.

From: Eli Allen (eallen@mail.bcpl.lib.md.us)
Date: 01/21/02


From: "Eli Allen" <eallen@mail.bcpl.lib.md.us>
To: "David Klotz" <dklotz@cognitor.com>, <focus-ms@securityfocus.com>
Date: Mon, 21 Jan 2002 17:41:43 -0500

Some small errors: (since the files are still basically lost)

You don't need any unencrypted versions of the files. Lots of files already
have well known structures that can be used when attacking the cipher text
like known headers and just statistics of the value of the characters being
used.

EFS uses DESX by default not 3DES. 3DES is used if you change the config
and make the computer FIPS compliant.

You don't need any cryptanalysts. DES is pretty well understood so all you
need is a cracking program that works on one of the types of files
encrypted. Still need a hell of alot of computer power.

BTW with the state of the Russian economy it may be cheaper to hire the KGB
:)

--
Eli Allen
eallen@bcpl.net

> -----Original Message----- > Well there is one significant difference: if you (Buba) have any > unencrypted > versions of the files and the the corresponding encrypted > versions, then you > might be able to launch a known plaintext attack. Unfotunately, this is > probably not going to be a big help. A little research indicated that MS > is using triple-DES to encrypt files in EFS. I'm not an expert > cryptographer by any strecth, but even with a known plaintext attack I > believe 3DES is close to practically unbreakable. Unless you've > got a staff > of expert cryptanalysts and a whole lot of computing power you're probably > not goign to be able to decrypt these files. > > Basically you have two options here: use a backup copy of your encryption > key, or convince the NSA that decrypting these files is a matter > of national > security. If you have no backup, I'd start coming up with a pretty good > story to feed the spooks... > > This does a pretty good job of explaining the situation: > > http://www.8wire.com/articles/?AID=2594 > > > -DK > > ----- Original Message ----- > From: <adept@hektik.com> > To: <focus-ms@securityfocus.com> > Sent: Monday, January 21, 2002 10:39 AM > Subject: RE: How to get my encrypted files back. > > > > If you are able to retrieve these I'll be disappointed... You > are in the > > same situation as an unauthorized person who has stolen > encrypted files it > > sounds like. > > > > -----Original Message----- > > From: Buba - [mailto:bresso_k@hotmail.com] > > Sent: Saturday, January 19, 2002 9:03 AM > > To: focus-ms@securityfocus.com > > Subject: How to get my encrypted files back. > > > > > > > > > > A few weeks ago I wanted to encrypt my files. I found > > the option under file->properties->advanced- > > >'Encrypt contents to secure data', so I selected the > > files and execute this operation. > > > > But then my WinXP(prof.) crashed and I had to > > reinstall (format.., install) WinXP. > > After the installation when I opened one of my > > encrypted files, I got messages: "Don't have > > premission to open the file", etc. > > > > I searched the web and found some options: > > - That you can import a certificate in MMC, but I don't > > have it anymore. > > - That you can ask for a 'new certificate' in MMC, if > > you have a connection with the 'Active Directory'. I > > haven't one. > > - That you can make a 'Recovery Agent' in MMC (or a > > subprogram of it). But there I have to select a *.CER- > > file, which I haven't. > > > > Is it in any way possible to decrypt my (important) > > files > > > > Things I have thought of are downloading a *.CER-file > > from the internet and use it in #1 or #3 (see above) > > OR connect to the 'Active Directory' (see #2) in a > > way. > > > > Please help me because it is very important > > information that I encrypted. > > Thanks in advance. > > > > > >



Relevant Pages

  • RE: NTE_BAD_DATA
    ... They are NOT used DIRECTLY to encrypt / decrypt data; ... you should generate a RANDOM SESSION KEY and select a SYMMETRIC ENCRYPTION ... // imported from a BLOB read in from the source file or having ...
    (microsoft.public.platformsdk.security)
  • Re: Back Doors
    ... >> Design into the system a master key. ... Encrypt that with public key. ... Decrypt random symmetric key with private key. ...
    (sci.crypt)
  • Re: CAPI and RC4: can not decrypt when Final parameter is set to F
    ... to store ASYMMETRIC key pairs - never symmetric keys like RC4, ... Now when you need to encrypt at one place and decrypt at the other normally ... Get a HCRYPTPROV handle to a key container with CryptAcquireContext ...
    (microsoft.public.platformsdk.security)
  • Re: RSA - Public vs. Private Keys
    ... This is a common pattern for license software ... your client will send a unique machine hash to the ... will let us decrypt with a Public Key (or simply not ... |> RSA is intended to encrypt messages with public keys only. ...
    (microsoft.public.dotnet.security)
  • Re: .NET Crypto Classes Interoperability with Win32 Crypto APIs
    ... when i encrypt a string using .NET classes and try to ... > decrypt it using Win32 APIs, ... > UnicodeEncoding(); ...
    (microsoft.public.dotnet.security)