Bugtraq mailing list archives
Re: Cracking Win2K EFS -- Whitepaper
From: bronek () WPI COM PL (Bronek Kozicki)
Date: Tue, 27 Jul 1999 14:18:38 +0200
I have read the article "Cracking Win2000 EFS!" very carefully, but I still have questions:

1) Where is the private/public key pair stored? The article does not mention the (theoretical) possibility of breaking into this location. The authors' main concern is about breaking into user/administrator accounts using old (i.e. working with Windows NT 4.0) techniques, not their keys directly.

2) How will the described security flaw work if the only accounts used are placed on a domain controller (or rather a server running Microsoft Active Directory Services) - not local accounts? Under the assumption that the SAM used to create the file (and validate all RAs for it) is still secure, the described flaw will not work, or am I wrong? Under this assumption a reasonable policy (and in my belief not difficult to implement in the operating system) would be: "if a non-local account is used to encrypt a file, DO NOT grant any local account Recovery Agent right on it". The only question is whether Microsoft will implement such (or similar) behaviour.

Another point (and a much bigger problem IMO) is Windows NT "export version" security, thanks to the poor keys used. Will Microsoft ever decide to use something more secure, like 3DES? I hope this particular algorithm is not restricted ... and what about IDEA?

Regards

Bronek Kozicki
Current thread:
- Cracking Win2K EFS -- Whitepaper Mark (Jul 26)
- Security Bulletins Digest V. T. Mueller (Jul 26)
- Re: Cracking Win2K EFS -- Whitepaper Bronek Kozicki (Jul 27)