Re: EFS Private Keys
From: Robert (bwooster1.nospam_at_yahoo.com)
Date: 12/28/03
- Previous message: anonymous_at_discussions.microsoft.com: "Ctrl+Alt+Delete logon doesn't work"
- In reply to: Steven L Umbach: "Re: EFS Private Keys"
- Next in thread: Drew Cooper [MSFT]: "Re: EFS Private Keys"
Date: Sun, 28 Dec 2003 12:26:52 -0500
Thanks... just goes to show you, security truly is relative. The best you
can do is strive to make the difficulty of getting to the data more costly
than the value of the data itself.
----------------------------------
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:QDmHb.672951$Tr4.1688097@attbi_s03...
> The user and recovery agent private EFS keys are stored in the associated
> user profile and available through the MMC certificate snap-in. As other
> posts described, the private keys are protected; however, the key to the
> private key is the user's password, so ultimately the private key is only
> as secure as the user's password as long as it is still on the computer.
> Worse yet, in W2K a user's password can be reset by someone gaining
> administrator access, or if the administrator's password could be reset
> and, assuming it is the recovery agent on a non-domain machine, then
> access could be gained to the user/recovery agent account and hence access
> to the EFS encrypted files. It is a very trivial process to reset the
> administrator's password on a W2K machine with free software from the
> internet.
>
> XP Pro improved security by not requiring or creating a recovery agent by
> default and also by not allowing access to a user's EFS private key if the
> password was "reset", as can be done in Computer Management/Local Users and
> Groups by accessing a user account and resetting it, where the current
> password does not need to be known to an administrator. That may not stop
> someone with physical access from cracking a user's password with a program
> such as LC 4 (http://www.atstake.com/products/lc/) and then gaining access
> to encrypted EFS files.
>
> To protect your EFS files when physical security can not be assured, a user
> needs to export and delete their private EFS key and that of any recovery
> agent on the local computer and secure them away from the computer. When
> that is done the EFS files are secure for most intents and purposes by
> today's standards, and XP Pro even has much stronger encryption available
> for EFS. However, it is possible that there may be hidden clear text copies
> or fragments of EFS files - particularly if a program uses a temporary
> folder, such as Office, in which case you want to also encrypt the user's
> temp folder. MS also recommends that the cipher /w command be used to
> remove clear text copies of encrypted files. It is always important to have
> backups of your EFS private keys, as it is fairly easy to lose access to
> your files permanently if you don't. See the links below for more info.
> --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
> http://is-it-true.org/nt/nt2000/atips/atips24.shtml
> http://support.microsoft.com/default.aspx?scid=kb;en-us;315672
>
> "Robert" <bwooster1.nospam@yahoo.com> wrote in message
> news:OM7pCLDzDHA.1740@TK2MSFTNGP12.phx.gbl...
> > I understand that in W2K the FEK is protected by the user's private key.
> > All well and good, but where is the private key stored, and how is *it*
> > protected??? I assume it is stored on disk or in the registry someplace.
> > Is there some super-secret OS key that is used to protect all private
> > keys?
> >
> > Can anyone explain it in such a way that you don't have to be a MCSE to
> > understand it?
> >
> > Thanks for any clarity.
> >
> > Bob
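The procedure Steve lays out in the quoted message (encrypt the user's temp folder, export and then delete the EFS private key and any recovery agent key, keep the backup off the machine, and run cipher /w to scrub clear-text remnants) written out as a PowerShell script. This is an added example, not code from anyone in the thread. It assumes Windows 8 / Server 2012 or later, where Export-PfxCertificate and the certificate provider's -DeleteKey switch exist; on the W2K/XP systems the thread discusses, the equivalent is the Certificates MMC snap-in export (or cipher /x on XP SP1 and later). The backup path E:\efs-key-backup is an assumed removable drive, and the EKU OIDs are the standard Microsoft EFS and File Recovery identifiers.

```powershell
# Added example, not from the original thread. Backs up the current user's
# EFS (and, if present, recovery-agent) private keys to a password-protected
# PFX, verifies the backup, deletes the key from the local profile, and
# scrubs clear-text remnants. Assumes Windows 8 / Server 2012 or later for
# Export-PfxCertificate and Remove-Item -DeleteKey; on W2K/XP the equivalent
# is the Certificates MMC snap-in export (or "cipher /x" on XP SP1+).
# Run in an elevated PowerShell session as the user whose keys are involved;
# on a standalone machine the recovery agent key lives in the Administrator's
# profile, so run it there as well if a recovery agent exists.

param(
    [string]$BackupDir = "E:\efs-key-backup",  # assumed removable drive
    [string]$Volume    = "C:"
)

$EfsEku      = "1.3.6.1.4.1.311.10.3.4"    # Encrypting File System (user key)
$RecoveryEku = "1.3.6.1.4.1.311.10.3.4.1"  # File Recovery (recovery agent key)

function Get-EfsCertificate {
    # EFS user and recovery-agent certificates that have a private key in
    # the current user's personal store (the profile Steve refers to).
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and (
            $_.EnhancedKeyUsageList.ObjectId -contains $EfsEku -or
            $_.EnhancedKeyUsageList.ObjectId -contains $RecoveryEku)
    }
}

$certs = @(Get-EfsCertificate)
if ($certs.Count -eq 0) { throw "No EFS private keys in Cert:\CurrentUser\My" }

# Step 1 (while the key is still present): mark the profile's temp folder
# encrypted so applications' scratch copies are no longer written in clear.
# Doing this after the key is removed would silently generate a new EFS key.
cipher /e "/s:$env:TEMP" | Out-Null

# Step 2: export every EFS key to a PFX encrypted under a passphrase.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$pfxPassword = Read-Host -AsSecureString "PFX export password"

foreach ($cert in $certs) {
    $pfxPath = Join-Path $BackupDir "$($cert.Thumbprint).pfx"
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

    # Step 3: prove the backup is readable before destroying the other copy;
    # losing the key means losing the files for good.
    $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $pfxPath, $pfxPassword)
    if (-not $check.HasPrivateKey -or $check.Thumbprint -ne $cert.Thumbprint) {
        throw "Backup of $($cert.Thumbprint) failed verification; local key kept."
    }

    # Step 4: remove the certificate and its private key from the profile.
    # Without -DeleteKey the key container stays on disk and remains only as
    # safe as the password of whoever can log on as this user.
    Remove-Item -Path $cert.PSPath -DeleteKey
    Write-Host "Exported $($cert.Thumbprint) to $pfxPath and deleted the local key"
}

# Step 5: overwrite deallocated space so deleted plaintext copies of the
# encrypted files cannot be carved off the disk. Slow on large volumes.
cipher "/w:$Volume\"
```

Order matters: cipher /e on the temp folder runs before the key is deleted, because EFS will mint a fresh self-signed key for any encrypt operation that finds none, which would leave a new private key in the profile. After the script runs, the files stay encrypted but unreadable on this machine until the PFX is imported again (certutil -importPFX or the snap-in), which is the point of the exercise.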