Re: How secure is EFS?

From: Karl Levinson [x y] mvp (levinson_k@despammed.com)
Date: 03/01/03 

From: "Karl Levinson [x y] mvp" <levinson_k@despammed.com>
Date: Sat, 1 Mar 2003 09:36:03 -0500

Yes, but note that these issues such as data loss also affect users of any
other form of encryption, including PGP. If your hard drive crashes and you
didn't properly back up your PGP encryption keys, your data and/or emails
are gone forever.

PGP has some nice features, such as how it specifically prompts the user to
back up the encryption keys during installation, and how you can just
install it and not have to worry about changing your syskey boot options to
prevent someone from easily attacking the Windows SAM to decrypt the files.
Also, PGP does secure file deletion, encrypts emails, and signs and hashes
emails and other objects for non-repudiation.

On the other hand, it's extremely easy to change your syskey options, and
AFAIK you would only need to enter your EFS / Syskey password once at
bootup, as opposed to PGP which AFAIK makes you enter your long passphrase
for every file and email you read or write [if both encryption and
non-repudiation are used]. Using PGP in such a way that you have to keep
entering your pass phrase for every encrypted or signed email can be a real
pain.

Said differently, both PGP and EFS are very secure if you use them right,
and you can lose all your data if you don't use them right.

> "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
> news:3E5EB7F5.E9F41652@hydro.com...
> > "Privacy, please" wrote:
> >
> > > Secure enough that many people have forever lost their data....
> >
> > Some calls EFS the "delayed Recycle Bin" ;-) 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003

Relevant Pages

  • Amazingly stupid KathLOON cyberterrorist and LIAR!
    ... destruction from using the Internet and on-line services to steal from, ... However, the NSA does indeed monitor all Internet communication, just ... and that is strong encryption. ... In the documentation for PGP, the program's author, Phil Zimmermann, ...
    (sci.med.diseases.lyme)
  • RE: [Full-Disclosure] On PGP (was: Wiretap or Magic Lantern?)
    ... > encryption software used by the left-wing revolutionaries. ... > The software separating the investigators from a potentially ... > years ago after a decade of quiescence, was PGP (Pretty Good ... > Zimmermann said in a telephone interview. ...
    (Full-Disclosure)
  • Kathleen Advocates Cyber-Terrorism
    ... Government Spying on the Internet ... However, the NSA does indeed monitor all Internet communication, just ... and that is strong encryption. ... In the documentation for PGP, the program's author, Phil Zimmermann, ...
    (sci.med.diseases.lyme)
  • Re: Calling Al-Jazeera
    ... NSA then proves the ... Government Spying on the Internet ... and that is strong encryption. ... In the documentation for PGP, the program's author, Phil Zimmermann, ...
    (sci.med.diseases.lyme)
  • RE: Suggested "safe" password length
    ... as i recall ashish stated that he was running linux with MD5 hashing. ... the password encryption function breaks passwords into ... character, each encrypted with the same function. ... PGP / XML GATEWAY APPLIANCE ...
    (Security-Basics)