I have read the article "Cracking Win2000 EFS!" very carefully, but I still have questions:

1) Where is the private/public key pair stored? The article does not mention the (theoretical) possibility of breaking into this location. The author's main concern is breaking into user/administrator accounts using old (i.e. working with Windows NT 4.0) techniques, not their keys directly.

2) How will the described security flaw work if the only accounts used are placed on a domain controller (or rather a server running Microsoft Active Directory Services), not local accounts? Under the assumption that the SAM used to create the file (and validate all RAs for it) is still secure, the described flaw will not work, or am I wrong? Under this assumption a reasonable policy (and, in my belief, not difficult to implement in the operating system) would be: "if a non-local account is used to encrypt a file, DO NOT grant any local account Recovery Agent rights on it". The only question is whether Microsoft will implement such (or similar) behaviour.

Another point (and a much bigger problem IMO) is Windows NT "export version" security, thanks to the poor keys used. Will Microsoft ever decide to use something more secure, like 3DES? I hope this particular algorithm is not restricted ... and what about IDEA?

Regards
Bronek Kozicki

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:56 PDT