Re: Does W2K hold user's email, EFS etc private key securely ?

From: Peter 'Luna' Runestig (peter+bugtraq@runestig.com)
Date: 09/18/02 

From: "Peter 'Luna' Runestig" <peter+bugtraq@runestig.com>
To: "Laura A. Robinson" <laurarobinson@earthlink.net>
Date: Wed, 18 Sep 2002 20:47:13 +0200

[continuing the upside-down "threading"]
This is an answer I got on the newsgroup
microsoft.public.win2000.security, 30 jan 2002:
>>>>>>>>>>
The official word is that EFS cannot be used with smartcards currently.
That whitepaper is inaccurate. [1]

Windows 2000 only supports the Base CSP and Windows XP supports the
enhanced, strong and base CSPs.

http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/
default.asp 

--

David B. Cross [MS]
<<<<<<<<<<
[1] MS white paper "Encrypting File System for Windows 2000"

Cheers,
- Peter

> Which official MS whitepapers? And how old are they?
>
> Laura
> ----- Original Message -----
> From: "Schwarz, Roland" <Roland.Schwarz@bdr.de>
> To: <focus-ms@securityfocus.com>
> Cc: <Fred.Langston@guardent.com>
> Sent: Monday, September 16, 2002 6:35 AM
> Subject: RE: Does W2K hold user's email, EFS etc private key securely
?
>
>
> > Could you provide any details on how you
> > implemented EFS keys on smart cards.
> > Official MS whitepapers say that this is not possible.
> >
> > Thanks
> > Roland
> >
> >
> >
> > > -----Original Message-----
> > > From: Fred.Langston@guardent.com
[mailto:Fred.Langston@guardent.com]
> > > Sent: Tuesday, September 10, 2002 12:48 AM
> > > To: bkml@att.net; fp56@dial.pipex.com; focus-ms@securityfocus.com
> > > Subject: RE: Does W2K hold user's email, EFS etc private key
> > > securely ?
> > >
> >
> > > We are currently using EFS key storage on Smart cards with
> > > XP, so that one's
> > > incorrect.  This one goes a long way toward solving the
> > > previously mentioned
> > > problem.  At the time of your SANS article, you were correct,
> > > but things
> > > have changed with, as you said, newer versions.
> > >
>
>

Relevant Pages

  • RE: Re[2]: Encryption on Laptops?
    ... attack that Bart described is indeed possible - but only on Windows 2000 ... I don't see any reason to conclude that EFS is inherently a weak solution. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
    (Security-Basics)
  • Re: Passwords on Folders
    ... > you to use passwords on folders? ... Windows NT/2000/XP do not natively let you set passwords on folders. ... Windows under which those permissions were defined. ... use NTFS on your hard drives so you can then EFS ...
    (microsoft.public.win2000.security)
  • Re: EFS Decryption Problem
    ... hard drive is running the old instance of Windows under which the EFS ... Or did you install a new instance of Windows ... The username is irrelevant to EFS. ... the EFS certificate and save it on removable media (floppy, CD, thumb ...
    (microsoft.public.windowsxp.security_admin)
  • Re: EFS Certificate Needed
    ... Backup and save on non-degrading media the EFS DRA .pfx file ... Foe sure I will follow "Windows Recommendations". ... that recovery agent will only have ... Best practices for the Encrypting File System ...
    (microsoft.public.security)
  • Re: user does not have acces privileges
    ... Windows 2003 does allow an administrator to ... the following link yet on EFS best practices be sure to review it and pay ... operating system that does not support the EFS encryption algorithm used ... I do agree with you when you saying with the reinstallation of the windows ...
    (microsoft.public.windowsxp.security_admin)