RE: Decrypt File

From: Jim Barrett (jimb_at_ins.com)
Date: 05/19/03

    To: "'Brian Nottle'" <bnottle@telus.net>, <guanghuyang@yahoo.com.cn>, <security-basics@securityfocus.com>
    Date: Sun, 18 May 2003 22:50:32 -0400
    
    

    Sorry,

    I don't think that this will work in this case.

    From the readme file of the product (their grammar issues, not mine):

    "The program can decrypt protected files only if encryption keys (at
    least, some of them) are still exist in the system and have not been
    tampered."

    In this case, there may not be any more encryption keys as the computer
    has been wiped.

    The nature of EFS is such that certain kinds of decryptions are
    difficult. Windows uses a fairly secure symmetric encryption key to
    encrypt the file and then encrypts the file encryption key with a
    public/private key pair (certificate) that the user then has access to.
    If this certificate is destroyed, you are then left with the task of
    having to brute force the symmetric key. That is going to take a while.

    The certificate used for the encryption can be issued by a certificate
    authority if one exists in the enterprise and the computer is a member
    of the domain. Otherwise, it generates one on the local workstation.
    This is why it is not recommended to use EFS if you are not part of a
    domain.

    Most of the ways that I know about "breaking" EFS involve faking out the
    system into divulging the certificate information such that the
    symmetric encryption key can be learned. This would be how the program
    you mention probably works. True cracking where you don't have access
    to the symmetric key in any form is not going to be easy. Better buy a
    Cray (http://www.cray.com/) if you plan to do it.

    Jim Barrett, MCSE, CISSA, CISSP, CCNP
    Principal Consultant
    International Network Services
    Boston, MA
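
An added illustration of the key hierarchy described above, not part of the original message and not EFS's actual code: a file is encrypted under a random file key, and that key is wrapped separately for the user and for a recovery agent. The textbook RSA, the SHA-256 keystream and every name here (`toy_keypair`, `encrypt_file`, `scenarios`) are toy stand-ins, chosen so the block runs on the Python standard library alone.

```python
import hashlib
import secrets

def toy_keypair(p, q, e=65537):
    """Textbook RSA from two known primes. Toy only: no padding, weak primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def stream_xor(key, data):
    """Toy stand-in for the file cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, public_keys):
    """Encrypt under a random file key, then wrap that key once per recipient."""
    fek = secrets.token_bytes(16)
    m = int.from_bytes(fek, "big")
    return {
        "wrapped": {who: pow(m, e, n) for who, (n, e) in public_keys.items()},
        "check": hashlib.sha256(b"fek-check" + fek).digest(),
        "data": stream_xor(fek, plaintext),
    }

def decrypt_file(blob, who, private_key):
    """Return the plaintext, or None if this private key cannot unwrap the file key."""
    if private_key is None or who not in blob["wrapped"]:
        return None
    n, d = private_key
    m = pow(blob["wrapped"][who], d, n)
    if m >> 128:                                  # not a 16-byte key: wrong private key
        return None
    fek = m.to_bytes(16, "big")
    if hashlib.sha256(b"fek-check" + fek).digest() != blob["check"]:
        return None
    return stream_xor(fek, blob["data"])

def scenarios():
    user_pub, user_priv = toy_keypair(2**127 - 1, 2**89 - 1)
    agent_pub, agent_priv = toy_keypair(2**107 - 1, 2**61 - 1)
    _, rebuilt_priv = toy_keypair(2**607 - 1, 2**521 - 1)   # fresh key after reinstall
    blob = encrypt_file(b"constructed sample file", {"user": user_pub, "agent": agent_pub})
    return {
        "original_key": decrypt_file(blob, "user", user_priv),
        "keys_wiped": decrypt_file(blob, "user", None),
        "new_key_after_reinstall": decrypt_file(blob, "user", rebuilt_priv),
        "recovery_agent": decrypt_file(blob, "agent", agent_priv),
    }
```

Only the original private key or the recovery agent's key returns the file; a data-only backup restored onto a rebuilt system leaves neither.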

    -----Original Message-----
    From: Brian Nottle [mailto:bnottle@telus.net]
    Sent: Friday, May 16, 2003 7:19 PM
    To: guanghuyang@yahoo.com.cn; security-basics@securityfocus.com
    Subject: Re: Decrypt File

    Tried Google and got for my first hit
    http://www.crackpassword.com/products/prs/otherms/efs/

    Elcomsoft apparently offer a range of Password
    recovery software. Haven't tried any of it myself,
    but seems worth a try.

    Brian Nottle
    ----- Original Message -----
    From: "Jim Barrett" <jimb@ins.com>
    To: "'James Yang'" <guanghuyang@yahoo.com.cn>;
    <security-basics@securityfocus.com>
    Sent: Thursday, May 15, 2003 11:43 AM
    Subject: RE: Decrypt File

    > You may be out of luck.
    >
    > If your W2K system is a member of a domain and you have Cert Services
    > running, you probably tied your encrypt/decrypt key to your domain
    > account. There is also a recovery agent key created and it may be
    > assigned to someone in your company.
    >
    > On the other hand, if this is a standalone workstation you are in
    > trouble. When you use EFS on a standalone box, two copies of the
    > encrypt/decrypt keys are created. One is tied to the user account that
    > did the encryption and the other to the local Admin account.
    >
    > If you did a full backup and restore (including all of the W2K system
    > files) this should work. If you only backed up your data files and then
    > wiped and rebuilt the system, it is not going to work as you wiped out
    > the encrypt/decrypt keys when you wiped out the OS.
    >
    > Sorry...
    >
    > -----Original Message-----
    > From: James Yang [mailto:guanghuyang@yahoo.com.cn]
    > Sent: Wednesday, May 14, 2003 11:39 PM
    > To: security-basics@securityfocus.com
    > Subject: Decrypt File
    >
    >
    >
    > A problem occurred on my system yesterday. I backed up my files and then
    > reinstalled my W2K system. After I copied back my files I found I
    > couldn't open the encrypted files.
    >
    > How can I open them? Could anyone give me a tip?
    >
    > Thanks.
    >
    >
    ------------------------------------------------------------------------
    > ---
    > Thinking About Security Training? You Can't Afford Not To!
    >
    > Vigilar's industry leading curriculum includes: Security +, Check
    > Point,
    > Hacking & Assessment, Cisco Security, Wireless Security & more!
    Register
    > Now!
    > --UP TO 30% off classes in select cities--
    > http://www.securityfocus.com/Vigilar-security-basics
    >
    ------------------------------------------------------------------------
    > ----