Any possibility to break the WinXP encryption

  • Thread starter Thread starter Thorsten Tarrach
  • Start date Start date
T

Thorsten Tarrach

Hallo,
I wrote an FAQ about the WinXP encryption where I explain how important it
is to backup the encryption key. But I often get emails from users who
alreaddy lost thier key. Two scenarios are common:
1. They reinstalled the OS and the key is gone (the profile is still there)
2. They deletet the key by accident or deletet the user and recreated him
I always tell them that it the files are now wothless and can be deleted.
But is there really no chance to recover the key? In what file is the key
stored? Maybe one can undelete the file and implement it in a new profile
(if the passwort is the same)?
Thanks for any advice.
Thorsten
 
Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/tr...chnet/prodtechnol/winxppro/deploy/CryptFS.asp

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a reinstall
of Windows XP.

See if the following article helps in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421


--
Nicholas

----------------------------------------------------------------------------------------------


| Hallo,
| I wrote an FAQ about the WinXP encryption where I explain how important it
| is to backup the encryption key. But I often get emails from users who
| alreaddy lost thier key. Two scenarios are common:
| 1. They reinstalled the OS and the key is gone (the profile is still there)
| 2. They deletet the key by accident or deletet the user and recreated him
| I always tell them that it the files are now wothless and can be deleted.
| But is there really no chance to recover the key? In what file is the key
| stored? Maybe one can undelete the file and implement it in a new profile
| (if the passwort is the same)?
| Thanks for any advice.
| Thorsten
|
 
"Thorsten Tarrach" said:
But is there really no chance to recover the key? In what file is the key
stored? Maybe one can undelete the file and implement it in a new profile
(if the passwort is the same)?
Click to expand...

There are various things you can do, from ensuring the presence of a
recovery manager, to using a floppy for key storage, but all of these
require forethought enough to protect the key from accidental deletion by
the methods you've outlined. [This not being solidly within my area of
expertise, I'll let someone else give you the facts, or the FAQs, of such
methods]

On to the question, of course, if XP's file encryption was able to be
cracked, it'd be all over international news reports within minutes. And
then there'd be a service pack to fix it, and you're back to the same
problem.

EFS is _not_ a mild cloak of darkness to be placed over files and keep them
away only from idle intruders, to be whipped away by the technically savvy
as a party trick. It's real encryption. It really encrypts the files, and
is designed such that you should be unable to decrypt the files if you do
not have the key.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
 
Thorsten;
If you can restore the original profile (not recreate) you may be able
to recover the data.
Recreating profiles and passwords is irrelevant.
Contact Microsoft if you can restore the profile.
Or:
http://www.beginningtoseethelight.org/efsrecovery/index.php

If the files are encrypted.
If you did not back-up the encryption key or the Recovery Agent and
are not on a domain, the files are as good as gone.
This must be accomplished while you have access to the files.
If you have not already done so, it is now to late.

EFS is very good at what it does and there is no back door.
Read and understand these links before using EFS to keep from
permanently losing your data:
http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/default.asp
(58 pages)
http://support.microsoft.com/?id=223316
 
Back
Top