EFS and laptops

Posted by Shion Uzuki on December 27, 2005, 11:50 am

This is a newbie laptop EFS question. So please bear with me.

EFS is seemingly weak from what I know and am experiencing. The DRA
component is excellent since the priv key can be exported and only
imported as needed; thereby making the DRA pub key on a laptop useless.

When encrypting a file, a pub/priv key pair is automatically created
within my user profile and used/needed for encrypt/decrypt respectively.
Logging on as admin is not enough to read the data if encrypted with
my Sammy account. To decrypt the Sammy-encrypted data, one need only
crack into the Sammy account to utilize its keys.

Therefore, I see EFS to be only as strong as the WinXP logon
credentials. On a stolen laptop, one can easily boot via CD/floppy to
run brute force attacks and other cracking software against the SAM to
get Sammy's passwd. Once obtained, a hacker and thief as well, logs on
as Sammy to utilize the keys within his profile for decryption.

Where is the strength in that? To overcome the aforementioned, I've
simply exported Sammy's key pair onto a floppy and deleted the priv key
on the system afterward, upon logging off. Should anyone, including
**myself**, log on as Sammy either legitimately or not afterwards, they
cannot decrypt. So as a legit user, I just import the key pair from the
floppy, but this is so cumbersome to export/import after each log off to
avoid my aforementioned weakness in EFS on a laptop.

Can someone please show me what I am missing about EFS?

Thank you.
//S.U.

Posted by Lionel Fourquaux on December 27, 2005, 12:18 pm
> Therefore, I see EFS to be only as strong as the WinXP logon credentials.
> On a stolen laptop, one can easily boot via CD/floppy to run brute force
> attacks and other cracking software against the SAM to get Sammy's passwd.
> Once obtained, a hacker and thief as well, logs on as Sammy to utilize the
> keys within his profile for decryption.

This part may not be as easy as you think, if you set up your system
correctly (strong passwords, no LM hashes, syskey).
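
Added example (not part of the original thread): a small Python model of why the "no LM hashes" and "strong passwords" settings named in the reply above change the offline-guessing picture for a stolen laptop. The alphabet sizes and sample passwords are constructed assumptions, and no hashes are computed.

```python
import math

LM_MAX_LEN = 14    # LM covers at most 14 characters; longer passwords get no LM hash
LM_HALF_LEN = 7    # the 14 characters are hashed as two independent 7-character halves
# Assumed alphabets for the estimate (printable ASCII only):
LM_ALPHABET = 69   # 95 printable characters minus 26 lower-case (LM upper-cases input)
NT_ALPHABET = 95   # case is preserved by the NT hash


def lm_view(password):
    """Return the two halves LM would hash, or None if the password is too long."""
    if len(password) > LM_MAX_LEN:
        return None
    upper = password.upper()
    return upper[:LM_HALF_LEN], upper[LM_HALF_LEN:LM_MAX_LEN]


def audit(password, no_lm_hash):
    """Model one account. no_lm_hash mirrors the NoLMHash policy being enabled
    (the policy applies from the next password change)."""
    halves = None if no_lm_hash else lm_view(password)
    if halves is not None:
        # Halves are searched separately, so their costs add instead of multiply.
        space = sum(LM_ALPHABET ** len(h) for h in halves if h)
        bits = math.log2(space) if space else 0.0
    else:
        bits = len(password) * math.log2(NT_ALPHABET)
    return {"lm_stored": halves is not None, "lm_halves": halves, "bits": bits}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread's systems.
    for pw, policy in [("Sammy11111", False), ("Tr0ub4dor&3x!", False),
                       ("Tr0ub4dor&3x!", True), ("old pond frog jumps in", False)]:
        r = audit(pw, policy)
        print(f"{pw!r:26} NoLMHash={policy!s:5} lm_stored={r['lm_stored']!s:5} "
              f"halves={r['lm_halves']} upper bound ~{r['bits']:.0f} bits")
```

The bit counts are upper bounds for randomly chosen characters; they show the structural cap that a stored LM hash imposes, not the strength of a guessable password.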


Posted by Roger Abell [MVP] on December 27, 2005, 12:56 pm
You are missing nothing about EFS.

Basically a system and what is stored on it are only as
well protected as the system is configured and kept out
of the hands of untrusted people.

Given physical access and time pretty much any system
that predates full-disk encryption will fall under the scenario
you have presented. Pretty much any data file encryption
software and OS have issues with the type of things you
have outlined.

Newer ways of storing EFS certs on USB diskkeys
and/or smartcards are helping some, relative to convenience
for your strategy of separating EFS priv key from the machine.
The real (or at least current) answer to the "computer in hands
of attacker" is only now coming to market due to industry
initiatives. With full disk encryption and EFS within, one has a
more well hardened solution to the lost laptop situation.




Posted by Roger Abell [MVP] on December 27, 2005, 1:18 pm
Let me add one other thing.

There are those who argue that the era of passwords
as a form for claiming identity is over.

I notice that the key to your scenario is access to the
existing password of the Sammy account.

While passwords can be well over 200 characters long,
made to include spaces, Unicode alt-key combo chars,
etc. we do not see people using their favorite haiku as
a passcode, but rather we see things like 11111 and
variations on their spouse's name.

If nothing else, that human inertia tends to make me also
a believer that passwords are passé as a means of gating
access to computing systems.

Now, that Windows still defaults to storing LM hashes
is something beyond me, and is something changeable.
I mean, store passwords for types of systems that do
not really exist in any appreciable sense/quantity any
longer ?? (sorry IBM shops out there).
But, as Lionel pointed out, if you disable this, and use
strong passwords, your scenario is less simple than it
might seem.





Posted by Steven L Umbach on December 27, 2005, 1:49 pm
As long as the EFS private key is on the computer there is a potential
vulnerability to access to files. For domain users logging on with cached
domain credentials the likelihood of retrieving the domain user password is
extremely remote last I heard as that password is not stored in SAM and is
encrypted very securely. Another thing you could do for a non domain user
account if you are also a local administrator for XP Pro is to "reset" your
user password before you logoff using lusrmgr.msc and then change it back to
what it was after you logon again. That may be more convenient than
exporting and deleting/and importing the EFS private key. Of course that
assumes that an attacker has not installed a keyboard logger on your
computer to capture our credentials. --- Steve




