Security Basics mailing list archives
Re: password protect encrypted directory
From: "Kelly D. Lucas" <lucaskeli () fastmail fm>
Date: Mon, 16 Aug 2004 17:06:15 -0500
Windows XP support the Encrypted File System [EFS], as you probably already know. I think once someone has physical access, most security mechanisms will fail. I use OpenSSL to encrypt files, and when used with the 3DES algorithm, I think it will provide good security, and require a password to decrypt the file.
The problem, is that once the file is decrypted, if it is altered it would need to be encrypted again, and the decypted file deleted. This would need to happen every time, and by the user of the file.
If a user has physical access, and you cannot assume that the authenticated user is actually that user, this becomes a much more difficult problem to solve. It breaks the MicroSoft security model, and unless the password is of sufficient length, a brute-force attack would break into it soon enough.
Lucas K.D. Lucas lucaskeli () fastmail fm
-----Original Message-----From: Dana Rawson [mailto:absolutezero273c () nzoomail com] Sent: Thursday, August 12, 2004 12:38 PMTo: security-basics () securityfocus com Subject: password protect encrypted directory G'Day, all. Hope this isn't too basic of an issue but I wanted to ask for your direction if possible. Preface: I have directory which contains sensitive data on a w2k/xp laptop.I have the directory and files residing within encrypted.Issue: I would like to password protect this directory so even the user who is logged into this profile is prompted for a password prior to gaining access to this data. Desired outcome: By accomplishing this (if possible) I wish to deny access to this data via remote entry/being hacked, and also protect the data should the laptop be stolen, or someone walks away from their computer without locking it (i.e. ctrl-alt-del) leaving it wide open for someone to sit down and start playing. Is this something that can be accomplished? Is there commercial or opensource software available? I have found software on the web that states it can password protect a directory, but with out installing and testing all of them how can I know ifit most secure? Has anyone tested or reviewed this type of software?Is anyone familiar with this that might make a recommendation? Thanks again in advance for your time. Regards, Dana ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html---------------------------------------------------------------------------- ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html----------------------------------------------------------------------------
---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- password protect encrypted directory Dana Rawson (Aug 13)
- Re: password protect encrypted directory fiber (Aug 16)
- RE: password protect encrypted directory Thomas T. Evans, III (Aug 16)
- Re: password protect encrypted directory Kelly D. Lucas (Aug 17)
- Re: password protect encrypted directory Danny T. Puckett (Aug 17)
- RE: password protect encrypted directory Hugo Deckx (Aug 17)
- Re: password protect encrypted directory fiber (Aug 23)
- Re: password protect encrypted directory Gethin Jones (Aug 16)
- Re: password protect encrypted directory Dave Dearinger (Aug 16)
- Re: password protect encrypted directory Nelson Santos (Aug 16)
- <Possible follow-ups>
- RE: password protect encrypted directory adisegna (Aug 16)
- Re: password protect encrypted directory - secure Alvin Oga (Aug 17)
- RE: password protect encrypted directory CHRIS GRABENSTEIN (Aug 16)
- RE: password protect encrypted directory Robinson, Sonja (Aug 17)
(Thread continues...)