Re[2]: Relative Security Provided by Cached Domain Credentials?

From: Vyacheslav Ponomarenko (VPonomarenko_at_taos.com)
Date: 05/26/04

  • Next message: Kevan Smith: "RE: Relative Security Provided by Cached Domain Credentials?"
    Date: Tue, 25 May 2004 20:13:54 -0700
    To: focus-ms@securityfocus.com
    
    

    Kim,

    When you use EFS on a file server it encrypts/decrypts data on user's
    behalf via delegation. Thus it can only access keys stored in user's
    profile.

    Vyacheslav

    Tuesday, May 25, 2004, 6:56:01 AM, you wrote:

    KO> I have seen mentioned the use of smartcards for efs certificates in this
    KO> thread a couple of times.

    KO> Although it would be nice in theory it was my understanding that this cannot
    KO> be used at present because not thought about in the efs API, so during
    KO> decreption or encryption for that matter only the personal certificate store
    KO> is checked for a key, not any smartcard related stuff.

    KO> At least that is what I understood about efs and smartcards.
    KO> Has any of you actually tested the smartcard solution, or it this how you
    KO> would theoratically handle it?

    KO> Kim Oppalfens

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Kevan Smith: "RE: Relative Security Provided by Cached Domain Credentials?"

    Relevant Pages

    • Re: EFS and Smart Card
      ... EFS is mostly implemented in the lsass.exe process, ... So when the smartcard CSP attempts to ... smartcards, some extra code would need to be written to obtain the PIN ahead ... > I am still very curious why EFS does not support smart card. ...
      (microsoft.public.win2000.security)
    • Re: EFS and Smart Card
      ... EFS is mostly implemented in the lsass.exe process, ... So when the smartcard CSP attempts to ... smartcards, some extra code would need to be written to obtain the PIN ahead ... > I am still very curious why EFS does not support smart card. ...
      (microsoft.public.security)
    • Re: EFS and Smart Card
      ... EFS is mostly implemented in the lsass.exe process, ... So when the smartcard CSP attempts to ... smartcards, some extra code would need to be written to obtain the PIN ahead ... > I am still very curious why EFS does not support smart card. ...
      (microsoft.public.windowsxp.security_admin)
    • RE: Relative Security Provided by Cached Domain Credentials?
      ... But you can use EFS with smartcards because of caching EFS certificate and private keys. ... during decreption or encryption for that matter only the personal ...
      (Focus-Microsoft)
    • RE: Re[2]: Relative Security Provided by Cached Domain Credential s?
      ... This indeed makes smartcards not usable for efs on file servers. ... The point is that even if you manage to get an efs private key to be stored ...
      (Focus-Microsoft)