RE: Cached Domain Password on Notebook, secure?

From: David@cawdgw.net
Date: 02/21/02


From: <David@cawdgw.net>
To: <smoulec@cuisinesolutions.com>, "'Varga Daniel (QI/RZS4) *'" <Daniel.Varga@de.bosch.com>, "'Laura A. Robinson'" <larobins@bellatlantic.net>, <focus-ms@securityfocus.com>
Date: Thu, 21 Feb 2002 05:26:57 +0100

Okay, now you've all confused me. I know that the key has to be present, but
I thought there was a certificate that was tied to that key that MUST be
present to use the key and that the certificate could be easily removed from
the system and placed on a smart card or floppy disk, etc, what media being
restricted by the size of the certificate.

That certificate also being the mechanism that gives the Encrypted Data
Recovery Agent the ability to decrypt a user's data because the EDRA
certificate can access the user's private key for decryption only. (Not to
sign things or encrypt). Or so I thought.

Someone want to step up and correct my thinking?

D. Weiss
MCSE/CCNA/SSP2

-----Original Message-----
From: Stephane Moulec [mailto:smoulec@cuisinesolutions.com]
Sent: Wednesday, February 20, 2002 6:50 PM
To: 'Varga Daniel (QI/RZS4) *'; 'Laura A. Robinson';
focus-ms@securityfocus.com
Subject: RE: Cached Domain Password on Notebook, secure?

I agree with Daniel's statement: I believe you can back up the keys but
you cannot 'remove' them from the hard disk (I don't even know where the
keys are physically stored. Anyone??). I manage to achieve a decent
security with a similar scheme using PGP disk (not freeware though, you
have to buy it from Network Associates. See
http://www.pgp.com/products/mail-file-encryption/default.asp). Here are
my $.02 (well, it works for me anyway):

1 - Install PGP with its default settings.

2 - After the installation is complete (includes creating the public and
private keyrings), move the keyrings onto a smartcard (you can use a USB
reader on desktops or a PCCard adapter on laptops).

3 - Once this is done, create a PGPDisk (virtual encrypted disk stored
on your hard drive that can be mounted on demand using your private key
as a credential) that will be used to store all confidential information
(documents, e-mail files, etc...) I make the assumption that you do not
need to protect the entire hard disk, I may be wrong but I don't see why
someone would do that.

4 - When you travel, DO NOT store the smartcard in your PC bag (you have
to trust people not to do that. That is the weak link)

If the smartcard is missing, the virtual hard disk cannot be mounted and
the data cannot be accessed (PGPdisk uses BLOWFISH encryption (or is
that TWOFISH? Memory leak!). It can probably be broken but not easily.)
The advantage of having your keyring on a smartcard is that you can
easily use it on several machines. Achieving this with EFS involves a
whole PKI, I'm not sure you want to go there.

The scheme I use is actually a little more complicated. Contact me off
the list for more details (it involves multiple partitions on the hard
disk).

--
Stephane Moulec
Network Systems Manager
Cuisine Solutions

-----Original Message-----
From: Varga Daniel (QI/RZS4) * [mailto:Daniel.Varga@de.bosch.com]
Sent: Wednesday, February 20, 2002 3:03 AM
To: 'Laura A. Robinson'; focus-ms@securityfocus.com
Subject: RE: Cached Domain Password on Notebook, secure?

> No, the security of EFS stands or fails with the location of
> the user and recovery agent keys. Get them off the hard drive.

The user can export his public and private keys onto floppy. But this is for backup reasons only. He cannot store his keys on external media exclusively (SmartCard, etc.). So the keys remain on the hard drive, no chance.

An MS-Engineer assured me that it would be incredibly hard for an attacker to get these keys but he failed to explain to me why or how these keys on the hard drive are protected. Can anyone of you?

thanks -- Daniel


