Re: Best free encryption method?

From: winged (winged_at_nofollow.com)
Date: 12/14/04


Date: 13 Dec 2004 21:14:48 EST

nemo outis wrote:
> In article
> <1102957595.348359.169820@c13g2000cwb.googlegroups.com>,
> tcpsyn@gmail.com wrote:
>
>>I think Mike was trying to say if you have sensitive information that
>>you are storing on an encrypted floppy, to make sure that you dispose
>>of any temporary files that are created that could hold your
>>information in plaintext.
>>
>>Windows XP introduced EFS, Encrypted File System. If you right click
>>on a folder and go to its properties, you can choose to either encrypt
>>or compress a folder. Then the only user that can decrypt the file is
>>the one whose SID encrypted it, or an encryption agent (Administrator).
>>
>>Here's a tutorial.
>>http://www.iopus.com/guides/efs.htm
>
>
>
> EFS works. But there are serious "lurks" for the unwary.
>
> Putting aside for the moment the (by no means trivial) question
> of backdoors and the NSA, the problems with EFS include:
>
> 1. It is not an OTF (on the fly) encryption scheme. Instead
> it extracts encrypted files as plaintext versions onto the HD and
> later erases them when the (possibly modified) plaintext version
> is reencrypted. These deleted-but-not-scrubbed extracted
> plaintext versions are a major headache requiring scrubbing, etc.
>
> Also, if an unencrypted (plaintext) file is used in, say,
> Microsoft Word, there are significant dangers of additional
> plaintext leakage paths (e.g., ~.tmp files, etc.)
>
> 2. You must take **special measures** to ensure that the
> decrypting keys have been removed from the HD. The default is to
> **keep** them on the HD (using a pretty weak protection scheme)
> for administrative purposes.
>
> In short, EFS can work moderately well, but managing it properly
> is not obvious or straightforward and therein lies the danger.
>
> Regards,

Well put. I gotta find a secret...
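
Added example (not part of the original posts): a small audit for the leakage path described in point 1 above, flagging temporary files that are not EFS-encrypted but sit in a folder that also holds EFS-encrypted files. The name patterns, function names and sample listing are assumptions made for illustration.

```python
import fnmatch
import os
import stat
from collections import defaultdict

# Assumed name patterns for editor scratch files (e.g. "~$plan.doc", "~WRL0001.tmp").
TEMP_PATTERNS = ("~*", "*.tmp")
ENCRYPTED = stat.FILE_ATTRIBUTE_ENCRYPTED  # NTFS attribute bit set on EFS-encrypted files

def is_temp_name(name):
    lowered = name.lower()
    return any(fnmatch.fnmatchcase(lowered, p) for p in TEMP_PATTERNS)

def find_plaintext_leftovers(entries):
    """entries: iterable of (path, attribute_bits); returns sorted suspect paths."""
    by_dir = defaultdict(list)
    for path, attrs in entries:
        by_dir[os.path.dirname(path)].append((path, attrs))
    hits = []
    for files in by_dir.values():
        if not any(a & ENCRYPTED for _, a in files):
            continue  # no EFS-encrypted file here, so nothing to compare against
        hits += [p for p, a in files
                 if not a & ENCRYPTED and is_temp_name(os.path.basename(p))]
    return sorted(hits)

def scan(root):
    """Walk a real tree; st_file_attributes exists only on Windows, else reads as 0."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            yield path, getattr(st, "st_file_attributes", 0)

# Constructed sample listing (not from the thread); forward slashes so it runs anywhere.
SAMPLE = [
    ("docs/secret/plan.doc", ENCRYPTED),
    ("docs/secret/~$plan.doc", 0),
    ("docs/secret/~WRL0001.tmp", 0),
    ("docs/secret/notes.txt", 0),
    ("docs/public/~WRL0002.tmp", 0),
]

if __name__ == "__main__":
    for hit in find_plaintext_leftovers(SAMPLE):
        print("unencrypted temp file beside encrypted data:", hit)
```

On a Windows machine, `find_plaintext_leftovers(scan(folder))` runs the same check against a real folder. Deleted-but-not-scrubbed copies do not appear in a directory listing, so this covers only temporary files that still exist.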


