If you use NTFS Encryption, read this


S4M33R

Senior member
Jul 21, 2002
264
0
0
Originally posted by: exx1976
[sarcasm] You recommend PGP? And it only uses a password? Wow, those are SO much harder to figure out than cracking a 128-bit encryption key!! It MUST be good! [/sarcasm]

LOL!!

And whoever made the remark about it taking more than a lifetime to crack a 128-bit key, there was a Distributed Computing thing done not too long ago where a 512-bit RSA key was cracked in just under a year, IIRC...

Let's see you set encrypt and backup your files, then go about reinstalling Windows and setting up a distributed networking client so your key can be cracked by hundreds of random people who think you're a moron.
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Lol...not to mention that EFS encryption on XP is 256 bit AES, as opposed to 128 bit 3DES on Windows 2000.

I'm amazed this thread continually gets revived with some new FUD or another. Read my posts carefully. Taking ownership does not decrypt a file. Moving a file to a fat32 volume does not decrypt a file. Compressing a file does not decrypt a file.

But by all means, keep the theories coming. It is somewhat amusing :)
 

Psych

Senior member
Feb 3, 2004
324
0
0
Originally posted by: STaSh
Lol...not to mention that EFS encryption on XP is 256 bit AES, as opposed to 128 bit 3DES on Windows 2000.
...

Not to be annoying, but I believe 3DES is a 168 bit algorithm. DES=64-8 bits of parity=56 bits, and 3DES would be 3*56 key strength, although the key is 192 bits long.

The technicalities mentioned about compression and moving to different file systems IS true, but there are warnings so it really is your own fault if you ignore them.

If anyone is so inclined as to prolong the life of this informational thread, could anyone tell me whether or not you think ECC will be a good cipher for the future.

Oh yeah, and I think the information from this thread should be compressed for easy reading.
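
Added example (not part of the original thread): the DES/3DES key-length accounting from the post above, in Python. It strips the parity bit from each byte of a 24-byte 3DES key bundle and reports stored, parity and nominal key bits, including the cases where repeated sub-keys shrink the key; the function names are illustrative and the sample key is constructed.

```python
# Added example: DES/3DES key-length accounting. Function names are
# illustrative; the sample key below is constructed, not a real key.
PARITY_MASK = 0xFE  # bits 7..1 of each byte are key material, bit 0 is parity


def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has an odd number of 1s."""
    out = bytearray()
    for b in key:
        ones = bin(b & PARITY_MASK).count("1")
        out.append((b & PARITY_MASK) | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def key_material(key: bytes) -> bytes:
    """Drop the parity bits, leaving only the bits the cipher uses."""
    return bytes(b & PARITY_MASK for b in key)


def analyze_3des_key(key: bytes) -> dict:
    if len(key) != 24:
        raise ValueError("a 3DES key bundle is 24 bytes (192 bits)")
    k1, k2, k3 = (key_material(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        # E_K3(D_K2(E_K1(x))) collapses to a single DES operation
        keying, nominal = "single DES (sub-keys cancel)", 56
    elif k1 == k3:
        keying, nominal = "two-key 3DES", 2 * 56
    else:
        keying, nominal = "three-key 3DES", 3 * 56
    return {"stored_bits": len(key) * 8, "parity_bits": len(key),
            "keying": keying, "nominal_bits": nominal}


SAMPLE_KEY = set_odd_parity(bytes(range(1, 25)))  # constructed sample

if __name__ == "__main__":
    print(analyze_3des_key(SAMPLE_KEY))
    k1, k3 = SAMPLE_KEY[:8], SAMPLE_KEY[16:]
    k1_flipped = bytes(b ^ 1 for b in k1)  # same key, parity bits flipped
    print(analyze_3des_key(k1 + k1_flipped + k3))
```

The second call shows that two sub-keys differing only in their parity bits are the same key as far as the cipher is concerned.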
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
The technicalities mentioned about compression and moving to different file systems IS true, but there are warnings so it really is your own fault if you ignore them.

They are only true if you have your private key! If you have the key and you compress or move a file to a fat32 volume, your key will decrypt it first. Moving the file or trying to compress it will not magically decrypt it.
 

dahoff

Member
May 5, 2000
90
0
0
I'm a day late and a dollar short. I just reinstalled WinXP Pro over the weekend. (Reformatted the C:\ partition and the encrypted stuff is on the D:\ partition). I lucked out cuz the data isn't all that important, but in the future:

Where are the keys stored? What kind of files are they? How can I back them up?

Thanks!
 
Jun 18, 2004
25
0
0
Originally posted by: dahoff
I'm a day late and a dollar short. I just reinstalled WinXP Pro over the weekend. (Reformatted the C:\ partition and the encrypted stuff is on the D:\ partition). I lucked out cuz the data isn't all that important, but in the future:

Where are the keys stored? What kind of files are they? How can I back them up?

Thanks!
Read the first post of the thread...

-H
 

AMurderOfCrows

Junior Member
Jul 23, 2004
2
0
0
Alright, how about a different approach.

I used EFS on a text file that contained the login and password information for a LOT of websites i go to that are pretty important, including ebay, paypal, my bank, my credit card, my webhosting, etc.

while i was testing out different ways to lock a client's kid out of certain items, i tested out EFS on a couple of picture files i had. I used the same account for both my password file and the pictures, and therefore they should have the same key.

windows xp pro started acting up, and i did a fresh install, not realizing that the files were still encrypted.

i've used the Cipher command to attempt to define a recovery agent and managed to generate a couple of new keys, but the keys only allow me access to the file generically, and will not allow me to see the contents. i'm also trying with a hex-editor, but at last attempt, was unable to allow access to the file to Ultra-Edit.

my idea comes like this....i found the picture files accidentally since they were just a test..i had forgotten that i encrypted them and just left them...but as they were just a test, i actually had completely untouched, unencrypted versions of the files. The password file was not a test, that was for real, and i would like to get that info back, though it's not looking good. Also, one of the pictures went bad on the backup, so now my only copy of that is encrypted.

i have 10 picture files, 5 unencrypted, 5 encrypted with 1 key. is there a way to do a hex level comparison to try to hunt down the key? it would be the same for each one, wouldn't it?

just a theory, not much hope in it.


thanx in advance
/<
 

AMurderOfCrows

Junior Member
Jul 23, 2004
2
0
0
wanted to add in some info:

http://www.ntfs.com/attribute-encrypted-files.htm

this link provided me with a hex break-down of the encryption...at least, so i think.

below is the MS knowledge base showing how i managed to get a key generated:

--
To generate a recovery agent certificate

Log on as an administrator.
At a command prompt, type:
cipher /r:filename
This generates importable .pfx and .cer files with the file names you specify.

To designate a DRA

Log on as the intended DRA.
Open the Certificates snap-in, and import the .cer file containing the recovery agent certificate.
- or -

Import the .pfx file containing the recovery key.

----

this "worked" in a sense, but didn't give me access to the file content, just the Details option in the file properties (which i didn't have before). it also will not allow me to add other user certificates to the file to allow other unencryptions. Lastly, in the Data Recovery Agent box, there are no DRAs listed.

i know it's worthless, but HELP!!


:)

/<
 

Psych

Senior member
Feb 3, 2004
324
0
0
Before my head explodes...
The main idea is, when you still had access to the files, did you specify a recovery agent? Did you, in any way, shape or form, export the private keys or at least some information from your account?

If you did not do these things and did a full reinstall, you will not be able to recover the keys because the OS would've overwritten them, unless you can examine every bit of the hard drive and determine where the original key is.

That out of the way, read the main ideas of this thread. I'm sorry for your loss of passwords and private information, but the chances of you recovering these files is null.

And you should realize that if you could crack AES 256 bit encryption with just a hex level comparison between 2 picture files, the state of National Security would be in grave danger.
 

glugglug

Diamond Member
Jun 9, 2002
5,340
1
81
Originally posted by: not5150
Not that I fully trust the reliability of the article...

Just curious... what have you seen in my previous articles that would lead you to believe that?

I haven't paid much attention to who wrote what article. Maybe I should, there is a large variance in quality from one article to another on THG. The software breaking the NTFS encryption is a rather incredible claim which I have a hard time buying without seeing it confirmed elsewhere.
 

patdidi

Junior Member
Jul 29, 2004
1
0
0
Hi,
I'm using Win XP Pro on my standalone PC and I have more than 2GB of photos & document files encrypted. Now, after my OS corrupted and I did a fresh installation of Win XP, I can't access my encrypted files.

I did backup my Documents and Settings folder a few weeks before my OS corrupted. I tried to restore my Documents and Settings but I still couldn't access those files.

I tried Advanced EFS Recovery Software (Demo) and it can find my private key in the Documents and Settings folder and decrypt my files after I entered my previous username and password, but sadly it only decrypts the first 512 bytes of each file because of the limitations of the demo version (which means any file larger than 512 bytes will not be decrypted). The software price is too much for me (USD$99).
Is there any other way for me to decrypt my files?

Any help is much appreciated
 

RobCur

Banned
Oct 4, 2002
3,076
0
0
Originally posted by: patdidi
Hi,
I'm using Win XP Pro on my standalone PC and I have more than 2GB of photos & document files encrypted. Now, after my OS corrupted and I did a fresh installation of Win XP, I can't access my encrypted files.

I did backup my Documents and Settings folder a few weeks before my OS corrupted. I tried to restore my Documents and Settings but I still couldn't access those files.

I tried Advanced EFS Recovery Software (Demo) and it can find my private key in the Documents and Settings folder and decrypt my files after I entered my previous username and password, but sadly it only decrypts the first 512 bytes of each file because of the limitations of the demo version (which means any file larger than 512 bytes will not be decrypted). The software price is too much for me (USD$99).
Is there any other way for me to decrypt my files?

Any help is much appreciated

That's why you only encrypt things you already backed up on cdr or dvdr and don't want anyone to have access to, for the extra paranoid. KEY: backup! don't be cheap or lazy
:thumbsup:
 

Psych

Senior member
Feb 3, 2004
324
0
0
If it says it can recover the private key, good for you! Basically the only way you will be able to recover those files without the key file easily accessible will be to spend quite a bit of money to get those programs, which may or may not work.
 
Jun 6, 2004
43
0
0
Originally posted by: STaSh
The probability of brute forcing a 128-bit key in a lifetime is so small that it is impractical to even attempt it.

Not unless you can gain access to NEC's Earth Simulator :D hehe


Nice post though... thanks a lot for the info. ;)
 

Psych

Senior member
Feb 3, 2004
324
0
0
The theoretical limit for that simulator is a little over 40 teraflops, I believe. It took thousands of Sun Workstations, Xeons, and Athlon computers quite a while to crack the last either RSA, ECC, or AES challenge. I'm not arguing that the key is ultra secure, just that it would still take a while to do it. But I do not have the time to try to calculate exactly how long it would take.
 

Ninjazx

Member
May 29, 2004
122
0
76
2^39 per second
gen new number
compare

assuming that the program used for such a crack was (falsely) so efficient that it could handle a generation, comparison, and loop in a single calculation (it can't, but I like to be very-very conservative), it would still take half of 2^87th seconds (roughly 77371252455336267181195264 seconds).


Uhh.. i think that comes out to 2 and a half thousand trillion millennia, give or take a few hundred thousand years.

That's brute-force anyway.
 

Sunner

Elite Member
Oct 9, 1999
11,641
0
76
Originally posted by: bajan
Originally posted by: STaSh
The probability of brute forcing a 128-bit key in a lifetime is so small that it is impractical to even attempt it.

Not unless you can gain access to NEC's Earth Simulator :D hehe


Nice post though... thanks a lot for the info. ;)

Aside from the fact that it would probably have absolutely abysmal performance (relatively speaking) if computing something like that, you might be able to cut the time from a few million years to a mere millennium or two if the ES actually achieved the same kind of performance it does for its intended purpose.

Actually, it would be longer than that, but you get the point ;)
 

machoman013

Member
Oct 20, 2003
74
0
0
Originally posted by: AndyHui
Every day, I get one or two emails, or every now and again I see in the forums, someone has encrypted their files, reinstalled Win2K or WinXP and then lost access to their encrypted files.

And it saddens me to tell them that their files are lost. Usually they don't believe me at first. They try to log in as Administrator, try to move the files around and say to me, "But there must be a way around this!".

Well, sorry, there isn't a way around this, unless you can get back into your original installation. Your files are gone.

"But it's Microsoft!", they say. "Microsoft hasn't managed to write one piece of software that works!".

NTFS version 5's Encryption is an example of something that DOES work, and work too well at times.

Fortunately, there is a way to get access to your files.

If you backup your Private Key (or perform a backup of your system state), then you can still get access to your files the next time you forget to decrypt them before formatting/reinstalling.

Please read the FAQ: How to use EFS and back up your Private Key.

If you value your data (and I'm sure that you do if you are going to encrypt it), please back up your Private Key NOW

I'd like to add onto this being a network security technician. Most home users, when I say home... I mean home. Particularly people who are lazy and decide to use NTFS to encrypt their drives but fail to use an administrator password and therefore bypass the alt ctrl del thing. (control userpasswords2) for autologin. When that happens and they try to recover data off that one hard drive, they'll come up with an access denied no permissions message. Following the dialog boxes to "transfer active ownership" (on the 2nd system, you have to be logged in under the exact same user account [not just credentials]) and that will get your data back and accessible before or after attempting a reinstall. Just for anyone who is in such a situation.
 

BespinReactorShaft

Diamond Member
Jun 9, 2004
3,190
0
0
At times it'd be easier to consider using just an encrypted ZIP or RAR or whathaveyou for stuff you really want to keep private...

 

mubeensgh

Junior Member
Sep 28, 2004
10
0
0
Hiya Guys

If u encrypt a file using EFS in one user account, will other users be able to read that file. Or do you need to set permissions for that??

BTW Nice post :laugh: