Security Basics mailing list archives
RE: Hard drive encryption in windows
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 28 Sep 2005 19:22:42 -0400
-See below. -----Original Message----- From: Rob Thompson [mailto:my.security.lists () gmail com] Sent: Tuesday, September 27, 2005 2:35 PM To: Beauford, Jason Cc: Cesc Santasusana; < Subject: Re: Hard drive encryption in windows No EFS is not good. For starters it is only encrypting the data that you tell it to. What if that file that you are accessing is copied over to the Swap File? Now you have an unencrypted copy on your computer, and a false sense of security. -Any files protected by EFS are encrypted in the page file, too, if the original is encrypted. Also, there are tools freely available on the internet, with just a VERY SMALL amount of looking that will break into the EFS. -None break EFS. There is only one or two tools that claim to do it, and they both brute force the Administrator account password to recover the Admin's EFS private key. That's the main reason why Microsoft decided not to make the Administrator a default recovery agent (DRA) on stand-alone XP Pro boxes. If you allow the admin password to be broken (I can prevent ANY Windows password cracking with just four simple steps, the easiest being to use a long password 15 characters or bigger), recovering EFS files is the least of your worries. Granted it is better than nothing, but if I were you, I wouldn't rely on it strictly as a safe alternative. It's better if you have nothing else at the time and are in a pinch. -It's a good alternative for people who want transparent, good file and folder encryption on NTFS partitions. Make sure you use it in accordance with a secure erasing system, something like Eraser. -EFS does its own erasing now, and they also include an EFS tool that will zero out the blank space on the hard drive for the paranoid. -EFS is decent file and folder encryption. It's not the best, but the price is right, free, and it will be all that many users ever need. -Roger ************************************************************************ *** *Roger A. Grimes, Banneret Computer Security, Consultant *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA *email: roger () banneretcs com *cell: 757-615-3355 *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 ************************************************************************ ****
Current thread:
- Re: Hard drive encryption in windows, (continued)
- Re: Hard drive encryption in windows Gregor Pifko (Sep 26)
- Re: Hard drive encryption in windows Rob Thompson (Sep 28)
- RE: Hard drive encryption in windows Josh Taylor (Sep 26)
- RE: Hard drive encryption in windows Beauford, Jason (Sep 26)
- Re: Hard drive encryption in windows Rob Thompson (Sep 28)
- Re: Hard drive encryption in windows Ansgar -59cobalt- Wiechers (Sep 30)
- Re: Hard drive encryption in windows Rob Thompson (Sep 28)
- Re: Hard drive encryption in windows Steve.Cummings (Sep 26)
- RE: Hard drive encryption in windows Roger A. Grimes (Sep 27)
- RE: Hard drive encryption in windows Webbrain (Sep 28)
- RE: Hard drive encryption in windows Roger A. Grimes (Sep 28)
- RE: Hard drive encryption in windows Roger A. Grimes (Sep 28)