If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#31
|
|||
|
|||
Encrypted files
Jupiter Jones [MVP] wrote:
This is not really a weakness. Not having the keys is evidence you are not authorized access. Just like it is not a weakness of your automobile for it not to start if the key is lost. "Kerry Brown" *a*m wrote in message news:% It is possible to remove the certificates from the system and password protect them. As the OP had no idea there even was keys/certificates involved it is pretty unlikely they did this. PGP also uses keys which have to be protected. Any key based system has this weakness. Kerry You're right it's not really a weakness just the way it works. It is a point of failure that you have to be aware of. Most people using encryption of any kind don't seem to be aware of the implications of losing the keys. Kerry |
Ads |
#32
|
|||
|
|||
Encrypted files
If it's a failure, it is a failure on the user's part in not understanding
how encryption works. It is NOT a failure of the encryption mechanism, nor is it a failure of the concept. The concept is rock solid! -- Regards, Richard Urban Microsoft MVP Windows Shell/User Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! "Kerry Brown" *a*m wrote in message ... Jupiter Jones [MVP] wrote: This is not really a weakness. Not having the keys is evidence you are not authorized access. Just like it is not a weakness of your automobile for it not to start if the key is lost. "Kerry Brown" *a*m wrote in message news:% It is possible to remove the certificates from the system and password protect them. As the OP had no idea there even was keys/certificates involved it is pretty unlikely they did this. PGP also uses keys which have to be protected. Any key based system has this weakness. Kerry You're right it's not really a weakness just the way it works. It is a point of failure that you have to be aware of. Most people using encryption of any kind don't seem to be aware of the implications of losing the keys. Kerry |
#33
|
|||
|
|||
Encrypted files
Richard Urban wrote:
If it's a failure, it is a failure on the user's part in not understanding how encryption works. It is NOT a failure of the encryption mechanism, nor is it a failure of the concept. The concept is rock solid! It's a failure point for the procedure of encryption. Why it fails (user problem) is irrelevant. It is a possible point of failure and needs to be planned for. Most people don't do the planning so when the key is lost the procedure fails :-) Kerry "Kerry Brown" *a*m wrote in message ... Jupiter Jones [MVP] wrote: This is not really a weakness. Not having the keys is evidence you are not authorized access. Just like it is not a weakness of your automobile for it not to start if the key is lost. "Kerry Brown" *a*m wrote in message news:% It is possible to remove the certificates from the system and password protect them. As the OP had no idea there even was keys/certificates involved it is pretty unlikely they did this. PGP also uses keys which have to be protected. Any key based system has this weakness. Kerry You're right it's not really a weakness just the way it works. It is a point of failure that you have to be aware of. Most people using encryption of any kind don't seem to be aware of the implications of losing the keys. Kerry |
#34
|
|||
|
|||
Encrypted files
There you go. USER error! Not encryption error.
-- Regards, Richard Urban Microsoft MVP Windows Shell/User Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! "Kerry Brown" *a*m wrote in message ... Richard Urban wrote: If it's a failure, it is a failure on the user's part in not understanding how encryption works. It is NOT a failure of the encryption mechanism, nor is it a failure of the concept. The concept is rock solid! It's a failure point for the procedure of encryption. Why it fails (user problem) is irrelevant. It is a possible point of failure and needs to be planned for. Most people don't do the planning so when the key is lost the procedure fails :-) Kerry "Kerry Brown" *a*m wrote in message ... Jupiter Jones [MVP] wrote: This is not really a weakness. Not having the keys is evidence you are not authorized access. Just like it is not a weakness of your automobile for it not to start if the key is lost. "Kerry Brown" *a*m wrote in message news:% It is possible to remove the certificates from the system and password protect them. As the OP had no idea there even was keys/certificates involved it is pretty unlikely they did this. PGP also uses keys which have to be protected. Any key based system has this weakness. Kerry You're right it's not really a weakness just the way it works. It is a point of failure that you have to be aware of. Most people using encryption of any kind don't seem to be aware of the implications of losing the keys. Kerry |
#35
|
|||
|
|||
Encrypted files
Kerry Brown wrote:
this. PGP also uses keys which have to be protected. Any key based system has this weakness. Yes but pgp forces you to create a pass phrase and even helps to create a strong one, It never stores the key in th clear. Strong pass phrase makes pgp and similar systes basically unbreakable if you choose a large key. -- Gil W0MN Bailar es vivir |
#36
|
|||
|
|||
Encrypted files
Gil Baron wrote:
Kerry Brown wrote: this. PGP also uses keys which have to be protected. Any key based system has this weakness. Yes but pgp forces you to create a pass phrase and even helps to create a strong one, It never stores the key in th clear. Strong pass phrase makes pgp and similar systes basically unbreakable if you choose a large key. EFS is also unbreakable unless you have the key. The key is password protected with your Windows user password. Even if you have physical access you still need to know the password, same as PGP. Kerry |
#37
|
|||
|
|||
Encrypted files
Richard Urban wrote:
There you go. USER error! Not encryption error. Wasn't aware that I ever said it was an error that anything to do with encryption. The whole thread has been about lost keys which is obviously a user error. Kerry "Kerry Brown" *a*m wrote in message ... Richard Urban wrote: If it's a failure, it is a failure on the user's part in not understanding how encryption works. It is NOT a failure of the encryption mechanism, nor is it a failure of the concept. The concept is rock solid! It's a failure point for the procedure of encryption. Why it fails (user problem) is irrelevant. It is a possible point of failure and needs to be planned for. Most people don't do the planning so when the key is lost the procedure fails :-) Kerry "Kerry Brown" *a*m wrote in message ... Jupiter Jones [MVP] wrote: This is not really a weakness. Not having the keys is evidence you are not authorized access. Just like it is not a weakness of your automobile for it not to start if the key is lost. "Kerry Brown" *a*m wrote in message news:% It is possible to remove the certificates from the system and password protect them. As the OP had no idea there even was keys/certificates involved it is pretty unlikely they did this. PGP also uses keys which have to be protected. Any key based system has this weakness. Kerry You're right it's not really a weakness just the way it works. It is a point of failure that you have to be aware of. Most people using encryption of any kind don't seem to be aware of the implications of losing the keys. Kerry |
#38
|
|||
|
|||
Encrypted files
Kerry Brown wrote:
EFS is also unbreakable unless you have the key. The key is password protected with your Windows user password. Even if you have physical access you still need to know the password, same as PGP. And tell me how many users create a strong password and none of which can be aslong as the pgp phrase I realize pg integration sucks though so EFS would be used more but removing the key woukd be a lot safer if physical securityc cannot be assured. -- Gil W0MN Bailar es vivir |
#39
|
|||
|
|||
Encrypted files
I have the same problem. Didn't know about backing up the EFS certificate.
However, I DID backup the entire contents of the hard disk, so presumably the original EFS certificate should be there - is there a was I can find it among the files I restored under "Old C Drive" folder and recover it from there? I have the computer set up with the identical user name and password I was using before; would I be correct in assuming the encryption algorythm would make use of that information? "Vanguard" wrote: There is no backdoor to EFS (encryption file system). If you did not export the EFS certificate so you could later import it then you no longer have the necessary encryption keys to decrypt your files that were encrypted using that old EFS certificate. Go to Start - Help and Support, search on EFS, and read about how you need to export the EFS certificate (under "Managing Certificates"). Also read the section "Best practices". Without a copy of the private key that was on your hard drive in the EFS certificate file, you have no way to decrypt those files. |
#40
|
|||
|
|||
Encrypted files
"Fuzzy" wrote in message
... I have the same problem. Didn't know about backing up the EFS certificate. However, I DID backup the entire contents of the hard disk, so presumably the original EFS certificate should be there - is there a was I can find it among the files I restored under "Old C Drive" folder and recover it from there? I have the computer set up with the identical user name and password I was using before; would I be correct in assuming the encryption algorythm would make use of that information? I see the path "%userprofile%\Application Data\Microsoft\SystemCertificates\My" looks to have something regarding the certs. There is also the "%userprofile%\Application Data\Microsoft\Crypto" that contains encrypted information. However, there is probably matching data in the ntuser.dat file (the user's keys for the registry) that need to be used in concert. I'm not an EFS crypto expert but just another user of EFS, so not having the exported cert means that I cannot decrypt EFS-protected files accessed under a different instance of Windows. There are lots of articles at Microsoft, like http://technet2.microsoft.com/Window...9c8541033.mspx, but I don't have the time to make it another career. According to http://www.accessdata.com/ftkuser/index.html, "EFS Certificate Lists ($EFS streams) *- FTK will now recognize and interpret $EFS streams. EFS encrypted files contain an NTFS data stream named "$EFS" which contains a list of certificates for each user who is able to access the file." I used Rekenwonder's Stream Explorer and could see the same 164-byte ADS was attached to to a sample of my EFS-protected files (I wan't going to check them all). As to whether or not this FTK forensic program can decrypt EFS-protected files, I don't know. You could ask them. The FTK program costs $1100. They have forums at http://forums.accessdata.com/ where you could ask. If you have the original drive that was not formatted and so all of the %userprofile% still exists, I believe that there are pay services where you can get them to decrypt your EFS-protected data files. Such services are probably very expensive. -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ |
#41
|
|||
|
|||
Encrypted files
Fuzzy wrote:
I have the same problem. Didn't know about backing up the EFS certificate. However, I DID backup the entire contents of the hard disk, so presumably the original EFS certificate should be there - is there a was I can find it among the files I restored under "Old C Drive" folder and recover it from there? I have the computer set up with the identical user name and password I was using before; would I be correct in assuming the encryption algorythm would make use of that information? The following program may be able to help you. http://www.elcomsoft.com/aefsdr.html Kerry |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
DRA is Decrypting Files when it shouldn't be!!! | DJ | Security and Administration with Windows XP | 22 | January 20th 06 08:18 AM |
Can't find message | Pete | Windows XP Help and Support | 9 | July 24th 05 11:32 PM |
Ext Drive Encrypted Files Deny Access | MICROSOFT | Security and Administration with Windows XP | 15 | April 24th 05 04:16 PM |
Renaming multiple files | stuart | New Users to Windows XP | 5 | March 31st 05 10:33 PM |
How to recover offline syncronized files | Fazgood | General XP issues or comments | 6 | November 25th 04 03:32 PM |