efs and "encryption" overall... help?

what can a person do if they want to encrypt the contents of their harddrive
so that even if someone physically removed the drive, nothing would be
readable?

heres how i understand the EFS as it works with ms windows....
i can encrypt a file, folder, or even a whole drive. at the time of the
first encryption a certificate is created that is used to decrypt those
file. if you remove the certificate, then log off and back on, you will not
have access to the previously encrypted files, all good so far? but what
good is this if the certificate is stored on the same drive? im sure it
could be obtained and used to decrypt files if the drive was removed.
obviously even the strongest password on your user account does nothing to
help if you dont use encryption because again, physically removing the drive
and connecting it to another machine will get around the logon password. so
my question, again, is: how can a person encrypt the contents of a harddrive
in such a way so that the ONLY way to access the files on it would be to
successfully logon as the user who originally encrypted the files? in this
way a strong password would make it mathematically unlikely that your files
would be read by anyone. thanks in advance

<snip>

> but what good is this if the certificate is stored on the same drive? im
sure it
> could be obtained and used to decrypt files if the drive was removed.

Private key is encrypted in user's profile. User's profile is protected with
user's password. You have to "physically" logon to the profile to get access
to private keys that will decrypt the files. There is no known reliable way
to break this protection of private keys if you don't know the password to
access the profile (if you don't believe me, check the WindowsXP newsgroup
with people asking how the get their files after they lost their
profiles...)...
If users use strong -- hard to guess passwords keys are safe on the hard
drive.

Even if you backup the files on NTFS (EFS only works on NTFS) and restore
the files to FAT or FAT32 you won't get your encrypted files. From the
backup you will get the list of files where size of each file will be 0
(empty file)...
If administrator changes user's password and then logons to users computer
with his username and password he won't be able to read user's documents
that were protected with EFS since password change was done in the
"forceful" way. If user changes his password this won't be a problem...

If you decide to implement the EFS, be smart about it and have a very good
plan. Plan should include how to recover data if user loses his
profile/private key... Implement Recovery Agent before you implement EFS.

Above solution is based on self signed certificate. You can also look at
setting up your own CA and issuing EFS certificate on this CA server.

Check this article on Microsoft website on EFS. Also read the documents
mentioned in this article...

Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/pro...y/cryptfs.mspx

Mike

Just to add to Mike's advice that in addition to using strong passwords that
require password complexity and at least eight characters be sure to disable
storing of lm hash on the computer. It is easy to reset the built in
administrators password on any computer that a hacker has full physical
access to. If that happens the attacker could use something like LC5 to
crack the users password to access their EFS private key. Lm hashes are
extremely easy to crack.

http://support.microsoft.com/default...EN-US;q299656& -- how to
disable lm hash. Note that password must be changed to erase existing lm
hash.

To be absolutely sure that an attacker can not access EFS encrypted files
the user must export and delete their EFS certificate and private key to a
..pfx file. If Windows 2000 requires the use of a Recovery Agent while
Windows XP Pro does not. A Recovery Agent private key left on the computer
could also be used to decrypt a users EFS files. XP Pro also uses much
stronger encryption to encrypt EFS files, not that it would be easy to crack
Windows EFS files without a LOT of horsepower and a very long time. Long
enough to probably make the data long obsolete. Keep in mind that with XP
Pro that more then one user may be able to decrypt the file if the original
user added other users to the list and their private keys exist on the
computer. Efsinfo can list what users and Recovery Agents can decrypt a
specific file. --- Steve


<(E-Mail Removed)> wrote in message
news:bLvbd.6321$(E-Mail Removed) t...
> what can a person do if they want to encrypt the contents of their
> harddrive so that even if someone physically removed the drive, nothing
> would be readable?
>
> heres how i understand the EFS as it works with ms windows....
> i can encrypt a file, folder, or even a whole drive. at the time of the
> first encryption a certificate is created that is used to decrypt those
> file. if you remove the certificate, then log off and back on, you will
> not have access to the previously encrypted files, all good so far? but
> what good is this if the certificate is stored on the same drive? im sure
> it could be obtained and used to decrypt files if the drive was removed.
> obviously even the strongest password on your user account does nothing to
> help if you dont use encryption because again, physically removing the
> drive and connecting it to another machine will get around the logon
> password. so my question, again, is: how can a person encrypt the contents
> of a harddrive in such a way so that the ONLY way to access the files on
> it would be to successfully logon as the user who originally encrypted the
> files? in this way a strong password would make it mathematically unlikely
> that your files would be read by anyone. thanks in advance
>
>

thank you both! few issues: i encrypted a file, then exported and deleted
the cert. logged off and then back on and could not access the file. this is
because the cert is gone i assume. but Steve said to be absolutely sure a
person should export and delete the cert. im confused. could you comment on
this please?


"Steven L Umbach" <(E-Mail Removed)> wrote in message
news:Okqd%(E-Mail Removed)...
> Just to add to Mike's advice that in addition to using strong passwords
> that require password complexity and at least eight characters be sure to
> disable storing of lm hash on the computer. It is easy to reset the built
> in administrators password on any computer that a hacker has full physical
> access to. If that happens the attacker could use something like LC5 to
> crack the users password to access their EFS private key. Lm hashes are
> extremely easy to crack.
>
> http://support.microsoft.com/default...EN-US;q299656& -- how
> to disable lm hash. Note that password must be changed to erase existing
> lm hash.
>
> To be absolutely sure that an attacker can not access EFS encrypted files
> the user must export and delete their EFS certificate and private key to a
> .pfx file. If Windows 2000 requires the use of a Recovery Agent while
> Windows XP Pro does not. A Recovery Agent private key left on the computer
> could also be used to decrypt a users EFS files. XP Pro also uses much
> stronger encryption to encrypt EFS files, not that it would be easy to
> crack Windows EFS files without a LOT of horsepower and a very long time.
> Long enough to probably make the data long obsolete. Keep in mind that
> with XP Pro that more then one user may be able to decrypt the file if the
> original user added other users to the list and their private keys exist
> on the computer. Efsinfo can list what users and Recovery Agents can
> decrypt a specific file. --- Steve
>
>
> <(E-Mail Removed)> wrote in message
> news:bLvbd.6321$(E-Mail Removed) t...
>> what can a person do if they want to encrypt the contents of their
>> harddrive so that even if someone physically removed the drive, nothing
>> would be readable?
>>
>> heres how i understand the EFS as it works with ms windows....
>> i can encrypt a file, folder, or even a whole drive. at the time of the
>> first encryption a certificate is created that is used to decrypt those
>> file. if you remove the certificate, then log off and back on, you will
>> not have access to the previously encrypted files, all good so far? but
>> what good is this if the certificate is stored on the same drive? im sure
>> it could be obtained and used to decrypt files if the drive was removed.
>> obviously even the strongest password on your user account does nothing
>> to help if you dont use encryption because again, physically removing the
>> drive and connecting it to another machine will get around the logon
>> password. so my question, again, is: how can a person encrypt the
>> contents of a harddrive in such a way so that the ONLY way to access the
>> files on it would be to successfully logon as the user who originally
>> encrypted the files? in this way a strong password would make it
>> mathematically unlikely that your files would be read by anyone. thanks
>> in advance
>>
>>
>
>

What I referred to was that the only way to make totally sure that the EFS
encrypted files are safe is to export/delete the certificate and private key
to a .pfx file. Then to access the files again the user would have to import
the certificate/private key back into their computer which can be done by
accessing the .pfx file which will start the wizard to import them and
require the user to enter the password used to protect the private key. The
..pfx file could be stored on a floppy or possibly USB drive which of course
should be separate from the computer.

Realistically, many users will not be religious about deleting and importing
their EFS private key all the time as it is somewhat inconvenient. Disabling
the storage of lm hash and using complex passwords or passphrases would
still go a long way to protecting the private key. --- Steve



<(E-Mail Removed)> wrote in message
news:56Dbd.8699$(E-Mail Removed) t...
> thank you both! few issues: i encrypted a file, then exported and deleted
> the cert. logged off and then back on and could not access the file. this
> is because the cert is gone i assume. but Steve said to be absolutely sure
> a person should export and delete the cert. im confused. could you comment
> on this please?
>
>
> "Steven L Umbach" <(E-Mail Removed)> wrote in message
> news:Okqd%(E-Mail Removed)...
>> Just to add to Mike's advice that in addition to using strong passwords
>> that require password complexity and at least eight characters be sure to
>> disable storing of lm hash on the computer. It is easy to reset the built
>> in administrators password on any computer that a hacker has full
>> physical access to. If that happens the attacker could use something like
>> LC5 to crack the users password to access their EFS private key. Lm
>> hashes are extremely easy to crack.
>>
>> http://support.microsoft.com/default...EN-US;q299656& -- how
>> to disable lm hash. Note that password must be changed to erase existing
>> lm hash.
>>
>> To be absolutely sure that an attacker can not access EFS encrypted files
>> the user must export and delete their EFS certificate and private key to
>> a .pfx file. If Windows 2000 requires the use of a Recovery Agent while
>> Windows XP Pro does not. A Recovery Agent private key left on the
>> computer could also be used to decrypt a users EFS files. XP Pro also
>> uses much stronger encryption to encrypt EFS files, not that it would be
>> easy to crack Windows EFS files without a LOT of horsepower and a very
>> long time. Long enough to probably make the data long obsolete. Keep in
>> mind that with XP Pro that more then one user may be able to decrypt the
>> file if the original user added other users to the list and their private
>> keys exist on the computer. Efsinfo can list what users and Recovery
>> Agents can decrypt a specific file. --- Steve
>>
>>
>> <(E-Mail Removed)> wrote in message
>> news:bLvbd.6321$(E-Mail Removed) t...
>>> what can a person do if they want to encrypt the contents of their
>>> harddrive so that even if someone physically removed the drive, nothing
>>> would be readable?
>>>
>>> heres how i understand the EFS as it works with ms windows....
>>> i can encrypt a file, folder, or even a whole drive. at the time of the
>>> first encryption a certificate is created that is used to decrypt those
>>> file. if you remove the certificate, then log off and back on, you will
>>> not have access to the previously encrypted files, all good so far? but
>>> what good is this if the certificate is stored on the same drive? im
>>> sure it could be obtained and used to decrypt files if the drive was
>>> removed. obviously even the strongest password on your user account does
>>> nothing to help if you dont use encryption because again, physically
>>> removing the drive and connecting it to another machine will get around
>>> the logon password. so my question, again, is: how can a person encrypt
>>> the contents of a harddrive in such a way so that the ONLY way to access
>>> the files on it would be to successfully logon as the user who
>>> originally encrypted the files? in this way a strong password would make
>>> it mathematically unlikely that your files would be read by anyone.
>>> thanks in advance
>>>
>>>
>>
>>
>
>