Encrypted files

Jupiter Jones [MVP] wrote:
This is not really a weakness.
Not having the keys is evidence you are not authorized access.
Just like it is not a weakness of your automobile for it not to start
if the key is lost.


"Kerry Brown" *a*m wrote in message
news:% It is possible to remove the certificates from the system and
password
protect them. As the OP had no idea there even was keys/certificates
involved it is pretty unlikely they did this. PGP also uses keys
which have to be protected. Any key based system has this weakness.

Kerry

You're right it's not really a weakness just the way it works. It is a point
of failure that you have to be aware of. Most people using encryption of any
kind don't seem to be aware of the implications of losing the keys.

Kerry

If it's a failure, it is a failure on the user's part in not understanding
how encryption works. It is NOT a failure of the encryption mechanism, nor
is it a failure of the concept. The concept is rock solid!

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

"Kerry Brown" *a*m wrote in message
...
Jupiter Jones [MVP] wrote:
This is not really a weakness.
Not having the keys is evidence you are not authorized access.
Just like it is not a weakness of your automobile for it not to start
if the key is lost.


"Kerry Brown" *a*m wrote in message
news:% It is possible to remove the certificates from the system and
password
protect them. As the OP had no idea there even was keys/certificates
involved it is pretty unlikely they did this. PGP also uses keys
which have to be protected. Any key based system has this weakness.

Kerry

You're right it's not really a weakness just the way it works. It is a
point of failure that you have to be aware of. Most people using
encryption of any kind don't seem to be aware of the implications of
losing the keys.

Kerry

Richard Urban wrote:
If it's a failure, it is a failure on the user's part in not
understanding how encryption works. It is NOT a failure of the
encryption mechanism, nor is it a failure of the concept. The concept
is rock solid!

It's a failure point for the procedure of encryption. Why it fails (user
problem) is irrelevant. It is a possible point of failure and needs to be
planned for. Most people don't do the planning so when the key is lost the
procedure fails :-)

Kerry


"Kerry Brown" *a*m wrote in message
...
Jupiter Jones [MVP] wrote:
This is not really a weakness.
Not having the keys is evidence you are not authorized access.
Just like it is not a weakness of your automobile for it not to
start if the key is lost.


"Kerry Brown" *a*m wrote in message
news:% It is possible to remove the certificates from the system
and password
protect them. As the OP had no idea there even was
keys/certificates involved it is pretty unlikely they did this.
PGP also uses keys which have to be protected. Any key based
system has this weakness. Kerry

You're right it's not really a weakness just the way it works. It is
a point of failure that you have to be aware of. Most people using
encryption of any kind don't seem to be aware of the implications of
losing the keys.

Kerry

There you go. USER error! Not encryption error.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

"Kerry Brown" *a*m wrote in message
...
Richard Urban wrote:
If it's a failure, it is a failure on the user's part in not
understanding how encryption works. It is NOT a failure of the
encryption mechanism, nor is it a failure of the concept. The concept
is rock solid!

It's a failure point for the procedure of encryption. Why it fails (user
problem) is irrelevant. It is a possible point of failure and needs to be
planned for. Most people don't do the planning so when the key is lost the
procedure fails :-)

Kerry


"Kerry Brown" *a*m wrote in message
...
Jupiter Jones [MVP] wrote:
This is not really a weakness.
Not having the keys is evidence you are not authorized access.
Just like it is not a weakness of your automobile for it not to
start if the key is lost.


"Kerry Brown" *a*m wrote in message
news:% It is possible to remove the certificates from the system
and password
protect them. As the OP had no idea there even was
keys/certificates involved it is pretty unlikely they did this.
PGP also uses keys which have to be protected. Any key based
system has this weakness. Kerry

You're right it's not really a weakness just the way it works. It is
a point of failure that you have to be aware of. Most people using
encryption of any kind don't seem to be aware of the implications of
losing the keys.

Kerry

Kerry Brown wrote:
this. PGP also uses keys which have
to be protected. Any key based system has this weakness.
Yes but pgp forces you to create a pass phrase and even helps to create a strong one, It never stores the key in th clear. Strong pass phrase makes pgp and similar systes basically unbreakable if you choose a large key.
--
Gil W0MN
Bailar es vivir

Gil Baron wrote:
Kerry Brown wrote:
this. PGP also uses keys which have
to be protected. Any key based system has this weakness.
Yes but pgp forces you to create a pass phrase and even helps to
create a strong one, It never stores the key in th clear. Strong pass
phrase makes pgp and similar systes basically unbreakable if you
choose a large key.

EFS is also unbreakable unless you have the key. The key is password
protected with your Windows user password. Even if you have physical access
you still need to know the password, same as PGP.

Kerry

Richard Urban wrote:
There you go. USER error! Not encryption error.



Wasn't aware that I ever said it was an error that anything to do with
encryption. The whole thread has been about lost keys which is obviously a
user error.

Kerry

"Kerry Brown" *a*m wrote in message
...
Richard Urban wrote:
If it's a failure, it is a failure on the user's part in not
understanding how encryption works. It is NOT a failure of the
encryption mechanism, nor is it a failure of the concept. The
concept is rock solid!

It's a failure point for the procedure of encryption. Why it fails
(user problem) is irrelevant. It is a possible point of failure and
needs to be planned for. Most people don't do the planning so when
the key is lost the procedure fails :-)

Kerry


"Kerry Brown" *a*m wrote in message
...
Jupiter Jones [MVP] wrote:
This is not really a weakness.
Not having the keys is evidence you are not authorized access.
Just like it is not a weakness of your automobile for it not to
start if the key is lost.


"Kerry Brown" *a*m wrote in message
news:% It is possible to remove the certificates from the system
and password
protect them. As the OP had no idea there even was
keys/certificates involved it is pretty unlikely they did this.
PGP also uses keys which have to be protected. Any key based
system has this weakness. Kerry

You're right it's not really a weakness just the way it works. It
is a point of failure that you have to be aware of. Most people
using encryption of any kind don't seem to be aware of the
implications of losing the keys.

Kerry

Kerry Brown wrote:
EFS is also unbreakable unless you have the key. The key is password
protected with your Windows user password. Even if you have physical access
you still need to know the password, same as PGP.

And tell me how many users create a strong password and none of which can be aslong as the pgp phrase
I realize pg integration sucks though so EFS would be used more but removing the key woukd be a lot safer if physical securityc cannot be assured.
--
Gil W0MN
Bailar es vivir

I have the same problem. Didn't know about backing up the EFS certificate.
However, I DID backup the entire contents of the hard disk, so presumably the
original EFS certificate should be there - is there a was I can find it among
the files I restored under "Old C Drive" folder and recover it from there?

I have the computer set up with the identical user name and password I was
using before; would I be correct in assuming the encryption algorythm would
make use of that information?

"Vanguard" wrote:

There is no backdoor to EFS (encryption file system). If you did not export
the EFS certificate so you could later import it then you no longer have the
necessary encryption keys to decrypt your files that were encrypted using
that old EFS certificate.

Go to Start - Help and Support, search on EFS, and read about how you need
to export the EFS certificate (under "Managing Certificates"). Also read
the section "Best practices".

Without a copy of the private key that was on your hard drive in the EFS
certificate file, you have no way to decrypt those files.

"Fuzzy" wrote in message
...
I have the same problem. Didn't know about backing up the EFS certificate.
However, I DID backup the entire contents of the hard disk, so presumably
the
original EFS certificate should be there - is there a was I can find it
among
the files I restored under "Old C Drive" folder and recover it from there?

I have the computer set up with the identical user name and password I was
using before; would I be correct in assuming the encryption algorythm
would
make use of that information?


I see the path "%userprofile%\Application
Data\Microsoft\SystemCertificates\My" looks to have something regarding the
certs. There is also the "%userprofile%\Application Data\Microsoft\Crypto"
that contains encrypted information. However, there is probably matching
data in the ntuser.dat file (the user's keys for the registry) that need to
be used in concert.

I'm not an EFS crypto expert but just another user of EFS, so not having the
exported cert means that I cannot decrypt EFS-protected files accessed under
a different instance of Windows. There are lots of articles at Microsoft,
like
http://technet2.microsoft.com/Window...9c8541033.mspx,
but I don't have the time to make it another career. According to
http://www.accessdata.com/ftkuser/index.html, "EFS Certificate Lists ($EFS
streams) *- FTK will now recognize and interpret $EFS streams. EFS encrypted
files contain an NTFS data stream named "$EFS" which contains a list of
certificates for each user who is able to access the file." I used
Rekenwonder's Stream Explorer and could see the same 164-byte ADS was
attached to to a sample of my EFS-protected files (I wan't going to check
them all). As to whether or not this FTK forensic program can decrypt
EFS-protected files, I don't know. You could ask them. The FTK program
costs $1100. They have forums at http://forums.accessdata.com/ where you
could ask.

If you have the original drive that was not formatted and so all of the
%userprofile% still exists, I believe that there are pay services where you
can get them to decrypt your EFS-protected data files. Such services are
probably very expensive.

--
__________________________________________________
Post replies to the newsgroup. Share with others.
For e-mail: Remove "NIX" and add "#VN" to Subject.
__________________________________________________

Fuzzy wrote:
I have the same problem. Didn't know about backing up the EFS
certificate. However, I DID backup the entire contents of the hard
disk, so presumably the original EFS certificate should be there - is
there a was I can find it among the files I restored under "Old C
Drive" folder and recover it from there?

I have the computer set up with the identical user name and password
I was using before; would I be correct in assuming the encryption
algorythm would make use of that information?


The following program may be able to help you.

http://www.elcomsoft.com/aefsdr.html

Kerry