RE: Cached Domain Password on Notebook, secure?

From: Skinner, Kit (KSkinner@sandstream.com)
Date: 02/20/02


From: "Skinner, Kit" <KSkinner@sandstream.com>
To: "'Laura A. Robinson'" <larobins@bellatlantic.net>, "Varga Daniel (QI/RZS4) *" <Daniel.Varga@de.bosch.com>, focus-ms@securityfocus.com
Date: Tue, 19 Feb 2002 23:11:57 -0000

That makes very logical sense and is very important to do. I assume
Daniel's follow-up concern would be, if the user can log in successfully to
that machine when it's not on the domain and the user can read/write
encrypted files, why couldn't you just break the 'cachedpassword' to log in
as the user, thereby gaining access to all the Encrypted files?

As Eric pointed out, it's a one-way encryption which is essentially
impossible to crack. However, would it be possible to brute-force 'guess'
the password from the hash in a fashion similar to (but more complex than)
l0phtCrack?

-K

-----Original Message-----
From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
Sent: Tuesday, February 19, 2002 4:24 PM
To: Varga Daniel (QI/RZS4) *; focus-ms@securityfocus.com
Subject: Re: Cached Domain Password on Notebook, secure?

> We plan to roll out EFS to secure our notebooks in case they get lost but as
> I see the security of EFS stands and falls with the security of the password
> of the user.
>
No, the security of EFS stands or fails with the location of the user and
recovery agent keys. Get them off the hard drive.

Laura


