Security Basics mailing list archives
RE: Decrypt File
From: "Jim Barrett" <jimb () ins com>
Date: Sun, 18 May 2003 22:50:32 -0400
Sorry, I don't think that this will work in this case.
From the readme file of the product (their grammar issues, not mine):
"The program can decrypt protected files only if encryption keys (at least, some of them) are still exist in the system and have not been tampered."

In this case, there may not be any more encryption keys as the computer has been wiped.

The nature of EFS is such that certain kinds of decryptions are difficult. Windows uses a fairly secure symmetric encryption key to encrypt the file and then encrypts the file encryption key with a public/private key pair (certificate) that the user then has access to. If this certificate is destroyed, you are then left with the task of having to brute force the symmetric key. That is going to take a while.

The certificate used for the encryption can be issued by a certificate authority if one exists in the enterprise and the computer is a member of the domain. Otherwise, it generates one on the local workstation. This is why it is not recommended to use EFS if you are not part of a domain.

Most of the ways that I know about "breaking" EFS involve faking out the system into divulging the certificate information such that the symmetric encryption key can be learned. This would be how the program you mention probably works. True cracking where you don't have access to the symmetric key in any form is not going to be easy. Better buy a Cray (http://www.cray.com/) if you plan to do it.

Jim Barrett, MCSE, CISSA, CISSP, CCNP
Principal Consultant
International Network Services
Boston, MA

-----Original Message-----
From: Brian Nottle [mailto:bnottle () telus net]
Sent: Friday, May 16, 2003 7:19 PM
To: guanghuyang () yahoo com cn; security-basics () securityfocus com
Subject: Re: Decrypt File

Tried Google and got for my first hit
http://www.crackpassword.com/products/prs/otherms/efs/

Elcomsoft apparently offer a range of Password recovery software. Haven't tried any of it myself, but seems worth a try.

Brian Nottle

----- Original Message -----
From: "Jim Barrett" <jimb () ins com>
To: "'James Yang'" <guanghuyang () yahoo com cn>; <security-basics () securityfocus com>
Sent: Thursday, May 15, 2003 11:43 AM
Subject: RE: Decrypt File

You may be out of luck. If your W2K system is a member of a domain and you have Cert Services running, you probably tied your encrypt/decrypt key to your domain account. There is also a recovery agent key created and it may be assigned to someone in your company.

On the other hand, if this is a standalone workstation you are in trouble. When you use EFS on a standalone box, two copies of the encrypt/decrypt keys are created. One is tied to the user account that did the encryption and the other to the local Admin account. If you did a full backup and restore (including all of the W2K system files) this should work. If you only backed up your data files and then wiped and rebuilt the system, it is not going to work as you wiped out the encrypt/decrypt keys when you wiped out the OS. Sorry...

-----Original Message-----
From: James Yang [mailto:guanghuyang () yahoo com cn]
Sent: Wednesday, May 14, 2003 11:39 PM
To: security-basics () securityfocus com
Subject: Decrypt File

My system had a problem yesterday. I backed up my files and then reinstalled my W2K system. After I copied back my files I found I couldn't open the encrypted files. How can I open them? Could anyone give me a tip? Thanks.

------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!
Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more!
Register Now! --UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
------------------------------------------------------------------------
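
The key layering described in this thread, as an added example that is not part of the original posts: a file is encrypted under a random file encryption key (FEK), and the FEK is wrapped once for the user and once for the local Admin account. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream are insecure stand-ins for the real EFS algorithms, and all function and key-holder names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def make_keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (demo only, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def stream_xor(fek, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(fek + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def efs_encrypt(plaintext, keystore):
    """Encrypt under a fresh FEK, then wrap the FEK once per key holder."""
    fek = secrets.token_bytes(16)
    m = int.from_bytes(fek, "big")
    wrapped = {who: pow(m, E, key["n"]) for who, key in keystore.items()}
    return {"wrapped_feks": wrapped, "ciphertext": stream_xor(fek, plaintext)}

def efs_decrypt(blob, who, keystore):
    """Unwrap the FEK with who's private key; fails if that key is gone."""
    if who not in keystore:
        raise KeyError(f"no private key for {who}")
    key = keystore[who]
    m = pow(blob["wrapped_feks"][who], key["d"], key["n"])
    return stream_xor(m.to_bytes(16, "big"), blob["ciphertext"])

def try_decrypt(blob, who, keystore):
    """Return the plaintext, or None when the private key is unavailable."""
    try:
        return efs_decrypt(blob, who, keystore)
    except KeyError:
        return None

def scenarios(data=b"constructed sample file contents"):
    keystore = {"user": make_keypair(127, 89), "admin": make_keypair(107, 61)}
    blob = efs_encrypt(data, keystore)   # what a data-only backup captures
    full_backup = dict(keystore)         # what a full system backup also captures
    live = (try_decrypt(blob, "user", keystore), try_decrypt(blob, "admin", keystore))
    keystore.clear()                     # OS wiped and rebuilt: private keys destroyed
    wiped = try_decrypt(blob, "user", keystore)
    restored = try_decrypt(blob, "admin", full_backup)
    return live, wiped, restored

if __name__ == "__main__":
    print(scenarios())
```

After the wipe the ciphertext and both wrapped FEKs are still intact, but nothing left on the system can unwrap them; only the key store captured by the full backup makes the file readable again.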