For a laptop not joined to a domain, what issues could
arise in ongoing toggling from Syskey Mode 1 (the default,
where the key is stored obfuscated on the local machine) to
Syskey Mode 2 (user provided password at boot).

The scenario is enabling Syskey in Mode 2 while traveling,
then toggling to Syskey Mode 1 at home (when physical
access can be assured).

One possible concern is losing access to EFS encrypted
files over time as a result of an inability to decrypt
master keys (which would be encrypted by Syskey).

What threat do expect to mitigate by changing the syskey mode?

--
Steve




"Martin Weld" > wrote in message
...
> For a laptop not joined to a domain, what issues could
> arise in ongoing toggling from Syskey Mode 1 (the default,
> where the key is stored obfuscated on the local machine) to
> Syskey Mode 2 (user provided password at boot).
>
> The scenario is enabling Syskey in Mode 2 while traveling,
> then toggling to Syskey Mode 1 at home (when physical
> access can be assured).
>
> One possible concern is losing access to EFS encrypted
> files over time as a result of an inability to decrypt
> master keys (which would be encrypted by Syskey).

If an attacker steals your computer, she could remove the hard drive, mount
it in another computer, and launch attacks that way.

The best way to mitigate this problem is not to get your computer stolen.
Perhaps it seems flippant, but it's true. Remember: if a bad guy gets hold
of your computer, it isn't your computer anymore.

--
Steve




"Martin Weld" > wrote in message
...
> As a best practice to prevent the system from being booted
> by malicious users, and to thwart offline attacks against
> encrypted data.
>
> Toggling to and from syskey modes 1 and 2 may be
> preferable, when at home as a convenience for occasional
> traveling user, to the ongoing presence of a boot floppy
> which may be lost, stolen, or damaged.
>
> But there may be risks associated with toggling Syskey modes.
>
>>-----Original Message-----
>>What threat do expect to mitigate by changing the syskey mode?
>>
>>--
>>Steve

>>
>>
>>
>>"Martin Weld" > wrote in message
...
>>> For a laptop not joined to a domain, what issues could
>>> arise in ongoing toggling from Syskey Mode 1 (the default,
>>> where the key is stored obfuscated on the local machine) to
>>> Syskey Mode 2 (user provided password at boot).
>>>
>>> The scenario is enabling Syskey in Mode 2 while traveling,
>>> then toggling to Syskey Mode 1 at home (when physical
>>> access can be assured).
>>>
>>> One possible concern is losing access to EFS encrypted
>>> files over time as a result of an inability to decrypt
>>> master keys (which would be encrypted by Syskey).
>>
>>
>>.
>>

Often the best mitigation strategy is not feasible. Such is
the case when enforcing the "our computers shall never be
stolen" policy.

XP's syskey modes 2 and 3 were engineered to mitigate the
offline attack described.

So yes, definitely it was flippant (treating serious things
lightly).


>-----Original Message-----
>If an attacker steals your computer, she could remove the
hard drive, mount
>it in another computer, and launch attacks that way.
>
>The best way to mitigate this problem is not to get your
computer stolen.
>Perhaps it seems flippant, but it's true. Remember: if a
bad guy gets hold
>of your computer, it isn't your computer anymore.
>
>--
>Steve

>
>
>
>"Martin Weld" > wrote in message
...
>> As a best practice to prevent the system from being booted
>> by malicious users, and to thwart offline attacks against
>> encrypted data.
>>
>> Toggling to and from syskey modes 1 and 2 may be
>> preferable, when at home as a convenience for occasional
>> traveling user, to the ongoing presence of a boot floppy
>> which may be lost, stolen, or damaged.
>>
>> But there may be risks associated with toggling Syskey
modes.
>>
>>>-----Original Message-----
>>>What threat do expect to mitigate by changing the syskey
mode?
>>>
>>>--
>>>Steve

>>>
>>>
>>>
>>>"Martin Weld" > wrote in message
...
>>>> For a laptop not joined to a domain, what issues could
>>>> arise in ongoing toggling from Syskey Mode 1 (the default,
>>>> where the key is stored obfuscated on the local
machine) to
>>>> Syskey Mode 2 (user provided password at boot).
>>>>
>>>> The scenario is enabling Syskey in Mode 2 while traveling,
>>>> then toggling to Syskey Mode 1 at home (when physical
>>>> access can be assured).
>>>>
>>>> One possible concern is losing access to EFS encrypted
>>>> files over time as a result of an inability to decrypt
>>>> master keys (which would be encrypted by Syskey).
>>>
>>>
>>>.
>>>
>
>
>.
>