RE: Relative Security Provided by Cached Domain Credentials?

From: Zack Schiel (ZSchiel_at_blueandco.com)
Date: 05/11/04

  • Next message: Kevan Smith: "RE: Relative Security Provided by Cached Domain Credentials?"
    Date: Tue, 11 May 2004 15:19:31 -0500
    To: "Nicolas RUFF (lists)" <ruff.lists@edelweb.fr>, <focus-ms@securityfocus.com>
    
    

    >- EFS encryption is 3DES (unless you have a restricted export version of
    >Windows), with a random FEK (File Encryption Key) for each file.

    Actually, it's DESX on Win2k, 3DES on XP RTM, and AES on XPSP1+.

    >So if you know the user password, you can decipher all EFS encrypted files.
    >See "Advanced EFS Data Recovery" tool from ElcomSoft :
    >http://www.elcomsoft.com/aefsdr.html

    Nice tool; that could come in handy someday. It's reassuring to see
    that it couldn't quickly crack several test files that I encrypted, even
    with syskey in its default mode. (On WinXP) I needed to divulge the
    user's password before it got anywhere.

    > About Cached Logons :
    > ---------------------

    Thanks; that cached logon info is what I was after.

    ---------------------------------------------------------------------------