RE: Cached Domain Password on Notebook, secure?
From: Alan Ramsbottom (alancr@ntlworld.com)Date: 02/20/02
- Previous message: KJK::Hyperion: "Re: restricting permissions for services in Win2K"
- In reply to: Skinner, Kit: "RE: Cached Domain Password on Notebook, secure?"
- Next in thread: Varga Daniel (QI/RZS4) *: "RE: Cached Domain Password on Notebook, secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alan Ramsbottom" <alancr@ntlworld.com> To: "Skinner, Kit" <KSkinner@sandstream.com>, "'Laura A. Robinson'" <larobins@bellatlantic.net>, "Varga Daniel (QI/RZS4) *" <Daniel.Varga@de.bosch.com>, <focus-ms@securityfocus.com> Date: Wed, 20 Feb 2002 11:39:57 -0000
> From: Skinner, Kit [mailto:KSkinner@sandstream.com]
> > No, the security of EFS stands or fails with the location of
> > the user and recovery agent keys. Get them off the hard drive.
> That makes very logical sense and is very important to do.
Perhaps I've misunderstood the scenario, but AFAIK Win2K & WinXP EFS
implementations use the MS Base CSP and the user's keys must be there for
EFS to work.
> However, would it be possible to brute-force 'guess' the password
Absolutely. If it can validate a password then a system clearly contains
everything (algorithms & data) an attacker needs to brute-force that
password.
But "possible" isn't necessarily the same thing as practical e.g. some
schemes deliberately use computationally expensive algorithms to slow down
brute force attacks. Don't know whether that is true in this case.
-Alan-
- Previous message: KJK::Hyperion: "Re: restricting permissions for services in Win2K"
- In reply to: Skinner, Kit: "RE: Cached Domain Password on Notebook, secure?"
- Next in thread: Varga Daniel (QI/RZS4) *: "RE: Cached Domain Password on Notebook, secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
