Re: Windows XP Home LSA secrets storesXP loginpassphrase in plain text (John Doe)

[Markus Jansson <seemyhomepage () katsokotisivuilta ni>]

John Doe sayed:
> As what comes to EFS, once you get hold of the administrator
> account, you can decrypt the EFS for _all_ users on the computer. It
> doesn't matter how you acquired the password.

In Windows 2000 this is true, however, in Windows XP this is NOT TRUE. 
In Windows XP the EFS private key is encrypted using users passphrase 
and without the passphrase, you cannot decrypt it.

In Win2k this is not the case, in Win2k
1) Administrator is the (compulsory) recovery agent and can decrypt all 
EFS files anyway.
2) Users private keys are not stored encrypted in the system and anyone 
who can simply sign in with that users credentials (like with 3rd party 
tools) can decrypt users EFS files.

If you dont believe me, I promise to give you 10000 euros if you can 
decrypt my EFS files by simply signing into my computer as 
administrator. If you cannot do that, you will pay me 1000 euros, ok?

--
My computer security & privacy related homepage
http://www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/