RE: Relative Security Provided by Cached Domain Credentials?

From: Kim Oppalfens (Kim.Oppalfens_at_azlan.be)
Date: 05/25/04

  • Next message: Paul.Bastide_at_Wearguard-Crest.com: "RE: Workstation service deletes itself??" 
    To: Kevan Smith <Kevan.Smith@tideworks.com>, "Nicolas RUFF (lists)" <ruff.lists@edelweb.fr>, focus-ms@securityfocus.com
Date: Tue, 25 May 2004 15:56:01 +0200

    I have seen mentioned the use of smartcards for efs certificates in this
    thread a couple of times.

    Although it would be nice in theory it was my understanding that this cannot
    be used at present because not thought about in the efs API, so during
    decreption or encryption for that matter only the personal certificate store
    is checked for a key, not any smartcard related stuff.

    At least that is what I understood about efs and smartcards.
    Has any of you actually tested the smartcard solution, or it this how you
    would theoratically handle it?

    Kim Oppalfens

    -----Original Message-----
    From: Kevan Smith [mailto:Kevan.Smith@tideworks.com]
    Sent: dinsdag 11 mei 2004 22:47
    To: Nicolas RUFF (lists); focus-ms@securityfocus.com
    Subject: RE: Relative Security Provided by Cached Domain Credentials?

    We're testing the completeness of my understanding of Win2K3 PKIs, so feel
    free to correct me, but as I understand it the situation isn't quite as dire
    as Nicolas makes it sound.

    True, EFS certificates (indeed, all user certificates) are stored either in
    the users profile (locally on the client computer) or on a smartcard,
    depending your implementation. With certs stored in your user profile, the
    private key portion of the cert is stored locally on the client computer,
    and possibly archived on the issuing CA *. These certs are NOT available
    (to anyone) from other computers unless the user first exports/imports
    his/her certificate to all his/her workstations.

    So, even if an attacker cracks a user's password, he/she will still need the
    certificate to access the EFS encrypted files, which requires that they
    launch the attack while logged on locally to the victim's computer(s).
    Granted, it may be possible to drop a remote control backdoor on the box to
    log on undetected, or do any number of other nasty things to achieve the
    same effect, but it certainly raises the bar.

    While AEFSDR (or similar tools) looks like a handy addition to any
    administrators grab-bag, it doesn't lift any hurdles facing a hacker.

    If the EFS encrypted data is important enough (or the user hops workstations
    enough), you can remove the user's profile from the picture by requiring
    smart cards for EFS. The key pairs are stored on the card rather than the
    computer, allowing users to roam, and forcing the attacker to acquire both
    the username/password to logon to the computer, and the smart card/PIN to
    access the files.

    Cheers,

    Kevan S.

    * Private/Public key pairs may be archived to the CA under the following
    circumstances:
            - V2 certificate (V1 certificates cannot be archived)
            - Issued FROM a Windows 2003 Enterprise or DataCenter edition CA

                    (not Standard Ed)
            - Issued TO a user (as opposed to a computer)
            - Issued FOR encryption/authentication purposes (not signing/
                    non-repudiation).
            - Client certificate must be stored in the user profile. You cannot

                    archive certificates issued to a smart card.

    -----Original Message-----
    From: Nicolas RUFF (lists) [mailto:ruff.lists@edelweb.fr]
    Sent: Tuesday, May 11, 2004 11:02 AM
    To: focus-ms@securityfocus.com
    Subject: Re: Relative Security Provided by Cached Domain Credentials?

    > triple DES from memory
    >
    >>On a related note to part of the discussion in the 'Restricting change

    >>of local admin' thread, does anyone know of a non-brute force way to
    >>break the encryption on cached domain credentials? Local accounts are

    >>easily modified or reset, but I'm not aware of any similar exploits
    >>for cached domain credentials. Given that EFS' effectiveness to
    >>secure laptop-stored data in a domain environment lives and dies by
    >>the security of the cached credentials, I'm curious to know just *how
    >>much* more secure they are.

            Hi,

    About EFS :
    -----------

    - EFS encryption is 3DES (unless you have a restricted export version of
    Windows), with a random FEK (File Encryption Key) for each file.
    - FEK is encrypted with RSA, using the EFS User Certificate (Public Key).
    - Eventually, the user Private Key is encrypted with his Windows Password.

    So if you know the user password, you can decipher all EFS encrypted files.
    See "Advanced EFS Data Recovery" tool from ElcomSoft :
    http://www.elcomsoft.com/aefsdr.html

    About Cached Logons :
    ---------------------

    Cached logons are stored in LSA Secrets and NL$ hidden keys. Basically, it
    is a salted hash :
    NTLMHash( username + NTLMHash(password) ) so you have to bruteforce. The
    salt key is the username, so if you have N accounts to crack, it takes N
    times the time to crack one account.

    Since this attack is very time-consuming and has little chance to succeed if
    user password > 6 chars, there is no public exploit available. Hint : get an
    IDA Pro license if you want to know more :-)

    -nicolas-

    ------------------------------------------------------------------------ 

    ---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------

  • Next message: Paul.Bastide_at_Wearguard-Crest.com: "RE: Workstation service deletes itself??"

    Relevant Pages

    • Re: What am I doing wrong?
      ... > after I make the EFS work. ... Then I've exported my encryption certificate to a file on a diskette. ... > certificate into a file on a floppy, and I did select the "Yes, export ...
      (microsoft.public.windowsxp.security_admin)
    • Re: About EFS and local certificate that I want to export
      ... You need to get your head around how EFS works. ... EFS is local file encryption. ... the file is transferred to/from the server in the clear. ... you added the incorrect EFS certificate in step 4. ...
      (microsoft.public.windows.server.security)
    • Re: EFS woes
      ... I changed my domain password which broke EFS 1. ... not the same thumbprint as on my exported certificate. ... inheriting the encryption status. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: EFS Recover Agents Unable to decrypt files
      ... Permissions were checked to make sure that the EFS RA had full ... The EFS RA imported it's EFS RA certificate from storage in a secure ... I tried to decrypt the file after only importing the ... a special recovery key is created with the encryption process. ...
      (microsoft.public.win2000.file_system)
    • RE: Relative Security Provided by Cached Domain Credentials?
      ... So when a user logs on the w2k terminal using a smartcard + pin no (rather ... If it does then EFS ... profile currently logged on for the private certificate. ...
      (Focus-Microsoft)