funsec mailing list archives
RE: Stolen laptops and the Windows encrypted file system?
From: "Richard M. Smith" <rms () bsf-llc com>
Date: Wed, 29 Mar 2006 08:10:04 -0500
Another solution would be to allow people to store their EFS encryption keys on a separate device such as a USB flash drive. I also believe that an encrypted folder on a portable hard drive would be safe if it is carried separatly from a laptop which holds the EFS encryption keys. Richard _____ From: ahmad.elkhatib () gmail com [mailto:ahmad.elkhatib () gmail com] On Behalf Of Ahmad Elkhatib Sent: Wednesday, March 29, 2006 5:14 AM To: Valdis.Kletnieks () vt edu Cc: Richard M. Smith; funsec () linuxbox org Subject: Re: [funsec] Stolen laptops and the Windows encrypted file system? EFS is very easily breakable since its tied to the operating system. What you will need is a pre-boot authentication and full disk encryption. Many companies have that such as Pointsec, Safeboot, and Utimaco. Windows Vista has a beefed up version of EFS called BitLocker which i beleive will be part of the enterprise edition. However from comments that have been made from MS officials it seems like there will be some sort of master key or backdoor to break it. -Ahmad On 3/28/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu <mailto:Valdis.Kletnieks () vt edu> > wrote: On Tue, 28 Mar 2006 13:23:03 EST, "Richard M. Smith" said:
The EnCase product description is silent on how it gets encryption keys. It's possible that it must be supplied with keys to do the decrypt.
It's tied to the user's login password - which is known to be easily guessable or crackable a lot of the time. Remember, if you're at the point where you're using EnCase on a box, it's assumed you have access to all the password hashes too. So it's a very short detour to Rainbow, and then it's Game Over.... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec <https://linuxbox.org/cgi-bin/mailman/listinfo/funsec> Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 28)
- <Possible follow-ups>
- RE: Stolen laptops and the Windows encrypted file system? Young, Keith (Mar 28)
- RE: Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 28)
- Re: Stolen laptops and the Windows encrypted file system? Valdis . Kletnieks (Mar 28)
- Re: Stolen laptops and the Windows encrypted file system? Ahmad Elkhatib (Mar 29)
- RE: Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 29)
- Re: Stolen laptops and the Windows encrypted file system? Ron (Mar 29)
- RE: Stolen laptops and the Windows encrypted file system? Henderson, Dennis K. (Mar 29)
- Re: Stolen laptops and the Windows encrypted file system? coderman (Mar 30)
- RE: Stolen laptops and the Windows encrypted file system? Richard M. Smith (Mar 28)