If you use NTFS Encryption, read this

[FlyGuy70]

Anyone know if Microsoft maintains a backup private key for EFS? If so, you could just take the raw encrypted file, send it to Microsoft, and ask them to decrypt it for you. I'm sure there would be a fee.

Of course, if MS has a private key, that means they probably let the government use it too.. so your data isn't REALLY safe...

Personally, I think I'd buy some third party encryption tool before trusting Microsoft with sensitive data.

 

[stash]

Anyone know if Microsoft maintains a backup private key for EFS? If so, you could just take the raw encrypted file, send it to Microsoft, and ask them to decrypt it for you. I'm sure there would be a fee

Absolutely not. It would be completely impossible even if Microsoft had any desire to do it, which they don't.

 

[FlyGuy70]

STaSh, can you explain why it is impossible? I'm not familiar with the exact encryption method MS uses for EFS, but from what you're saying it sounds like it doesn't use any public key / private key system (since if it did MS could include a public key in the encryption for which only they would have the private key).

 

[stash]

It does use an asymmetric encryption scheme to encrypt the FEK, which then symmetrically encrypts the data. So I supposes it is possible, except that every public key necessary in EFS (the user's plus any recovery agents) is added to the FEK during the encryption process. You can clearly see who has access to decrypt the FEK by running the efsinfo tool. So please show me where this mythical public key is on every Windows system.

When I worked in PSS, I worked a fair number of EFS cases. These were enterprise customers, not home users encrypting their porn collection. I'm talking about admins on the other end of the phone begging me to save their jobs because the CEO cannot decrypt his files. And without the user's password and the user's private key, or without a DRA's private key, there was absolutely nothing I could do.

EFS is built on largely non-proprietary technology (public/private key pairs, symmetric encryption using AES or 3DES), so there is no logical reason to assume that it is weak simply because it is included with Windows.

The rules for EFS are very simple, so I will say it again. If you do not have the password and the private key of the user that encrypted the file, or the private key of a recovery agent whose public key is also encrypting the FEK, game over. No back doors, no secret handshakes, no undocumented registry keys, no NSA keys, no funky NTFS ACL'ing magic, NOTHING will decrypt those files short of systematic brute forcing of every possible symmetric encryption key.

 

[sisi20]

STaSh: the fact you worked in PSS doesnt mean you know what Microsoft is doing and how they are doing it.
The fact that some pseudo-chef lost his Excel documents cannot be reason for exploiting the security scheme of that impact. I have completely no doubt about, that when CIA/MS/FBI, Intepol will need that informations, they will have them very very fast. Read that article on THG i posted before.

Also the fact that there are no informations on the net and forums like this about how to decrypt the data, doesnt mean that it is not possible. If you would be some hacker, or CIA agent knowing the way to decrypt it, you would not publish it for free to everybody. You will either keep it for you or sell it silently.
Nobody is talking about it, but all articles i read ended in: "it is easy possible", but we cannot say how.

I am sorry if i am wrong, i am just girl left the school and security is NOT my domain (i am photographer and artist), but this is how i understand it and believe it. I was a bit interested in this, because i wanted to protect data and artworks on my computer.

 

[stash]

STaSh: the fact you worked in PSS doesnt mean you know what Microsoft is doing and how they are doing it.

Maybe not, but my current job as a security consultant for a branch of the US government for MS frequently has me speaking with PMs, developers and others internally who work on security in general or EFS in particular. There is no magic here, no man behind the curtain. Without the password and key, the data does not get decrypted. CIA, NSA, FBI are not immune to this reality. Typically though, when a law enforcement agency or govt agency needs to decrypt files, the private key that encrypted the FEK is still on the drive somewhere. And even if the drive was formatted, there are tools that can recover data including the private key. So in that sense, it probably would be relatively easy for an agency to decrypt data, since they have tools to recover the key and crack the user's password if necessary. But as I said before, this is not some James Bond, whiz-bang method that only the government has, or worse, some back door in EFS. These are the same rules that apply to anyone who wants to decrypt data.

Also the fact that there are no informations on the net and forums like this about how to decrypt the data, doesnt mean that it is not possible. If you would be some hacker, or CIA agent knowing the way to decrypt it, you would not publish it for free to everybody.

There is plenty of publically available information on how to decrypt files. Much of it is on Microsoft's website. Microsoft even tells you exactly how encryption and decrytion works with EFS: http://www.microsoft.com/technet/prodte...7e9f7-2090-4c88-8d14-270c749fddb5.mspx

I suggest you read it. I doubt I will change your mind, since you seem to be convinced that EFS is weak and Linux > *. I find it interesting that you would take the word of someone like Tom's Hardware over a person who has intimate knowlege of the technology and code involved. Tom's Hardware is hardly an authority on things security. In fact, they have an article out today that further perpetuates the FUD around XP SP2 in enterprise environments. The author has a rather frightening lack of knowledge in the area of enterprise network administration, where he apparently is unaware of things like Group Policy, SMS and SUS. Yet the article is taken as gospel by many, especially the Slashdot crowd, where knee-jerk, close-minded reactions to Microsoft are the norm.

I would just suggest that you keep an open mind. Microsoft has come a long long way in the past few years with regards to security. I would suggest you read about the Security Development Lifecycle (SDL) used at MS: http://msdn.microsoft.com/library/defau...l=/library/en-us/dnsecure/html/sdl.asp. If you ask the opinions of administrators and security professionals, I think you will find that there is much praise for the way Microsoft has improved the security of its flagship products, with Server 2003 SP1 and XP SP2. Trustworthy Computing may sound like a corny marketing slogan, but it is no joke within Microsoft.

 

[sisi20]

STaSh: Thank You for taking the time and learning me. I trust You. Your explanation is not only easy to understand but also sounds realistic.
Thank You
Sisi

 

[FlyGuy70]

STaSh: You said, "If you do not have the password and the private key of the user that encrypted the file, or the private key of a recovery agent whose public key is also encrypting the FEK, game over."

I'm not an expert on these security acronyms (EFS, FEL, AES) so can you explain how you can be *sure* that MS does not have a public key that is also encrypting the FEK? I'm perhaps paranoid about this because I know there was a situation a few years ago where it was demonstrated (after accidental discovery) that a beta version of Windows did, indeed, have two public keys included in their encryption, one labeled "Microsoft" and the other labeled "NSA". Whether that ever made its way into a final version, I don't know, but it certainly raised eyebrows at the time.

 

[stash]

Sure. Run efsinfo /r on an encrypted file.

 

[sisi20]

i did not understand it STaSh?

 

[stash]

Efsinfo is a tool you can use to display information about encrypted files. http://www.microsoft.com/windows2000/te...fo/reskit/tools/existing/efsinfo-o.asp

One of the things you can do is display the recovery agents on an encrypted file. If you recall how EFS works, the File Encryption Key (FEK) is what does the bulk encryption of the actual data. It is a symmetric encryption key that is randomly generated. Symmetric encryption means you use the same key to encrypt and decrypt data. Symmetric encryption is much faster than asymmetric encryption, which is why it is ideal for the bulk data encryption.

After you have a FEK to do bulk data encryption, the FEK is then encrypted using asymmetric encryption. With asymmetric encryption, different keys are used for encryption and decryption. This is much more complex and slower, but all it is doing is encrypting the FEK, which is a very small amount of data. So the FEK is encrypted with the public key of the user who encrypted the file, as well the public key of any recovery agents. The whole mess (FEK encrypted with user's key as well as any DRA's keys) is attached to the file as an attribute called the data decryption field (DDF).

So, if you follow all of that, you should see that the only way to decrypt the FEK and thus decrypt the data is to have the corresponding private key of one of the public keys that is in the DDF. The user's private key will decrypt the FEK, and any DRA whose public key encrypted the FEK can decrypt it with their private key.

So by running efsinfo /r "encrypted file.doc" you will see any recovery agents whose public keys encrypted the FEK. If Microsoft had a public key in every copy of Windows that was automatically used to encrypt the FEK of any encrypted file in the world, you would clearly see that in the efsinfo output.

Make sense?

 

[FlyGuy70]

Thanks STaSh, that was awesome. That was exactly the sort of explanation I was looking for (as a matter of fact I had no idea how EFS worked, so your explanation was very helpful).

So as long as the efsinfo program hasn't been tampered with to hide references to certain hidden public keys (lol...), it shows us everyone who could possibly unencrypt the file. Cool.

 

[stash]

You're welcome, glad it helped. One slight correction...the original encryptor's encrypted FEK is stored in the DDF, while all of the recovery agents' encrypted FEKs are stored in the Data Recovery Field (DRF).

If you want to read more about how EFS works, check out this page: http://www.microsoft.com/technet/prodte...7e9f7-2090-4c88-8d14-270c749fddb5.mspx

 

[sisi20]

If i would continue in the conspiration theory, i can say that efsinfo knows that it should not display microsoft and NSA keys

 

[aka1nas]

Would PGPDisk be a better choice over EFS if I want to dual-boot with linux and still access my ntfs drives. Or, rather, is it possible to access an NTFS partition using EFS from linux if I extract my private key from windows or do something similar?

 

[Alex]

usefull thread thanks hopefully I can get my stuff back!