Re: EFS - Private Key - External storage

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 10/29/04 

Date: Fri, 29 Oct 2004 09:21:14 +0200

Hi,

EFS keys must be stored in hard drive where they are stored (encrypted) in
user's profile. If you use hard to guess passwords (pass-phrases that
consist of more then 14 characters) your keys would be secure...

On Windows XP if e.g. administrator was to force change your password to
gain access to your profile and your private key; he/she would still not
have access to your encrypted files...

EFS:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Feel free to post back if you have any additional questions.

Mike

"Thomas Weigel" <entwicklung_nospam__at__octagon_minus_gmbh_dot_de> wrote in
message news:O85wXGYvEHA.3728@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> is it possible to place the decryption key for EFS on an external media
> like
> USB-Stick or floppy or CD to use it from there for decryption? Or has it
> to
> be stored on hard disk?
>
> If it could be stored external this would sovle many security problems and
> reduce cost of security.
> If it doesn't work, who has experience about other directory / file
> encryption software working transparent.
> I would like to secure e-mail adresses, mails and some more stuff which is
> kept in few direcories.
> I am not a specialist in security questions, just searching for a solution
> for some stand alone laptops.
>
> Who knows and can tell me?
>
>
> Thanks a lot ahead
>
> Thomas Weigel
>
>

Relevant Pages

  • RE: Protecting sensitive files on a Windows file server
    ... Protecting sensitive files on a Windows file server ... Recovery keys aren't a problem. ... I don't care what your encryption program ... EFS only works on NTFS partitions. ...
    (Security-Basics)
  • Re: decrypt files after lost pub/priv keys - possible?
    ... We've even had 3rd party reviews of our EFS code - ... Win2k used DES for its symmetric encryption. ... the symmetric keys would have been AES 256 - ...
    (microsoft.public.win2000.security)
  • Re: ciphered files
    ... > If you are not in a domin, and you did not export your encryption keys ... > My view on EFS: ... as well not having created a Recovery Agent (with backup of the ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Encryption on Laptops?
    ... > This type of encryption is strong enough so that it can not be defeated ... over 14,000 computer users trying out various keys finally deciphered the ... which allow the admin password to be easier changed...bypassing EFS ... user account passwords on the box in question, log in as the user, and voila, I have the ...
    (Security-Basics)
  • Re: decrypting files from XP - tough question
    ... EFS uses a hybrid asymmetric/symmetric encryption scheme. ... It is to those keys which EFS encrypted the ... That session key can only be retrieved by those same certificates. ...
    (microsoft.public.security)