> Does anyone know of any other major weaknesses in the EFS encryption, > certificate handling, encryption, etc? For this group I'm particularly > looking for areas of the hard drive that may contain hidden plaintext > copies of normally encrypted documents. Ryan, EFS has a bunch of problems, especially on Win2k. In my mind, the most insidious problem is that the cryptographic key to decrypt files is not cryptographically tied to the user password in some way (on Win2k.) I submit, as an exercise to the reader: -encrypt a file with EFS under some user acount. -use a tool like the pnordahl Offline Registry Editor utility to change the user password. -log in using the changed password and attempt to decrypt the file. The lesson of this parable is as follows: if a bad guy has physical access to a *Win2k* (operates differently under XP) machine where files are encrypted with EFS, he can decrypt any encrypted files in a matter of a couple minutes. FYI. -E ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 06:20:50 PDT