Hosting Provided By

RE: looking for EFS weaknesses

From: <ed(at)smartcrypto.com>
Date: Fri Jun 27 2003 - 09:08:35 EDT

> Does anyone know of any other major weaknesses in the EFS encryption,

Ryan, EFS has a bunch of problems, especially on Win2k. In my mind, the most insidious problem is that the cryptographic key to decrypt files is not cryptographically tied to the user password in some way (on Win2k.)

I submit, as an exercise to the reader:

-encrypt a file with EFS under some user acount. -use a tool like the pnordahl Offline Registry Editor utility to change the user password.
-log in using the changed password and attempt to decrypt the file.

The lesson of this parable is as follows: if a bad guy has physical access to a *Win2k* (operates differently under XP) machine where files are encrypted with EFS, he can decrypt any encrypted files in a matter of a couple minutes. FYI.

-E

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Jun 27 09:33:50 2003

This message: [ Message body ]
Next message: Roger A. Grimes: "Re: looking for EFS weaknesses"
Previous message: scz: "a note from the moderator"
In reply to Ryan Smith: "looking for EFS weaknesses"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:44 EDT