Security Basics mailing list archives

RE: Hard drive encryption in windows


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 28 Sep 2005 19:22:42 -0400

-See below. 

-----Original Message-----
From: Rob Thompson [mailto:my.security.lists () gmail com] 
Sent: Tuesday, September 27, 2005 2:35 PM
To: Beauford, Jason
Cc: Cesc Santasusana; <
Subject: Re: Hard drive encryption in windows

No EFS is not good.

For starters it is only encrypting the data that you tell it to.  What
if that file that you are accessing is copied over to the Swap File? 
Now you have an unencrypted copy on your computer, and a false sense of
security.
-Any files protected by EFS are encrypted in the page file, too, if the
original is encrypted.

Also, there are tools freely available on the internet, with just a VERY
SMALL amount of looking that will break into the EFS.
-None break EFS. There are only one or two tools that claim to do it, and
they both brute force the Administrator account password to recover the
Admin's EFS private key. That's the main reason why Microsoft decided
not to make the Administrator a default recovery agent (DRA) on
stand-alone XP Pro boxes. If you allow the admin password to be broken
(I can prevent ANY Windows password cracking with just four simple
steps, the easiest being to use a long password 15 characters or
bigger), recovering EFS files is the least of your worries.

Granted it is better than nothing, but if I were you, I wouldn't rely on
it strictly as a safe alternative.  It's better if you have nothing else
at the time and are in a pinch.
-It's a good alternative for people who want transparent, good file and
folder encryption on NTFS partitions.

Make sure you use it in accordance with a secure erasing system,
something like Eraser.
-EFS does its own erasing now, and they also include an EFS tool that
will zero out the blank space on the hard drive for the paranoid.

-EFS is decent file and folder encryption. It's not the best, but the
price is right, free, and it will be all that many users ever need.

-Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Consultant 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
****************************************************************************
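The reply above makes three checkable points: EFS only protects files that actually carry the Encrypted attribute, the page file is a place plaintext can end up, and Windows ships its own free-space wiping tool (cipher.exe). The following PowerShell audit, added here as an illustration and not part of the original thread or of any Microsoft documentation, lets an administrator verify those points on a machine; the folder path in $Root is a constructed placeholder, and the script assumes a Windows NTFS system with the built-in cipher.exe available.

```powershell
# Added example (not from the thread): audit EFS coverage and the
# page-file setting on a local Windows box. $Root is a placeholder path.
param([string]$Root = "C:\Users\alice\Documents")

# 1. Which files under $Root actually carry the EFS "Encrypted" attribute?
#    EFS is per file/folder, so anything without the flag is plaintext on disk.
$files = @(Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue)
$encrypted = @($files | Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted })
$plain     = @($files | Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) })
"{0} encrypted, {1} unencrypted file(s) under {2}" -f $encrypted.Count, $plain.Count, $Root
# Review the unencrypted ones: should any of them have been protected?
$plain | Select-Object -First 20 -ExpandProperty FullName

# 2. Is the page file wiped at shutdown? 1 = yes, 0 (or missing) = no.
#    This is the standard mitigation for plaintext fragments paged out of memory.
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$clear = (Get-ItemProperty -Path $mm -Name ClearPageFileAtShutdown -ErrorAction SilentlyContinue).ClearPageFileAtShutdown
"ClearPageFileAtShutdown = {0}" -f ($(if ($null -eq $clear) { 'not set' } else { $clear }))

# 3. Windows' own free-space wipe (the "zero out the blank space" tool the reply
#    refers to). It overwrites all unallocated space on the volume, so it is slow;
#    run it deliberately, not as part of a routine audit:
#    cipher /w:C:\
```

Run the script from an elevated prompt so the registry read and the recursive listing are not blocked by permissions. The file-attribute check is what distinguishes "I turned on EFS" from "this particular file is protected", which is the gap the original poster was worried about.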

