Reading on Win2K corrupts WinXP encrypted file?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

The other day I encountered an article on searchsecurity.techtarget.com by a James Michael Stewart, describing the different default encryption methods for Win2K, WinXP Gold, and WinXP SP1. See MSKB 329741 for details. Stewart claims that the attempt to (default) read a file on Win2K that was (default) encrypted on WinXP SP1 will not just fail, but will actually corrupt the file so it cannot be read subsequently even on WinXP SP1! This sounds implausible to me, and I have found no confirmation of this in any other forum or KB.

Is there any truth to this assertion, or any variation of it?
 
Hello,

I read through your post and also took a closer look at our Knowledge Base
article 329741 "EFS Files Appear Corrupted When You Open Them"
http://support.microsoft.com/?id=329741
According to the article the files should still be usable for systems
running Windows XP SP1 or Windows Server 2003. These two systems make use
of the Advanced Encryption Standard (AES), whereas Windows XP SP0 and
Windows 2000 use either DESX or 3DES (for Windows XP only).
The key is that a file encrypted on Windows XPSP1 or later, appears to be
corrupted when viewing on a downlevel OS. However the file should still be
readable on the originating OS as long as the proper key to decrypt the
file is present.

Hope this helps understanding the issue a bit better.

Cheers,

Michael Cole
MCSE, MCSA
Microsoft Security Team



--------------------
./Thread-Topic: Reading on Win2K corrupts WinXP encrypted file?
./thread-index: AcO2Iu7xf/MnCtgoTpiS7F88afevcA==
./X-Tomcat-NG: microsoft.public.win2000.security
./From: "=?Utf-8?B?RWFybA==?=" <[email protected]>
./Subject: Reading on Win2K corrupts WinXP encrypted file?
./Date: Fri, 28 Nov 2003 18:46:05 -0800
./Lines: 3
./Message-ID: <[email protected]>
./MIME-Version: 1.0
./Content-Type: text/plain;
./ charset="Utf-8"
./Content-Transfer-Encoding: 7bit
./X-Newsreader: Microsoft CDO for Windows 2000
./Content-Class: urn:content-classes:message
./Importance: normal
./Priority: normal
./X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
./Newsgroups: microsoft.public.win2000.security
./NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
./Path: cpmsftngxa06.phx.gbl!cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl
./Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.security:16801
./X-Tomcat-NG: microsoft.public.win2000.security
./
./The other day I encountered an article on searchsecurity.techtarget.com
by a James Michael Stewart, describing the different default encryption
methods for Win2K, WinXP Gold, and WinXP SP1. See MSKB 329741 for details.
Stewart claims that the attempt to (default) read a file on Win2K that was
(default) encrypted on WinXP SP1 will not just fail, but will actually
corrupt the file so it cannot be read subsequently even on WinXP SP1! This
sounds implausible to me, and I have found no confirmation of this in any
other forum or KB.

Is there any truth to this assertion, or any variation of it?
./
 
Thanks Michael. I agree with you on the interpretation of KB 329741. The reason for my concern is that the article I mentioned says , "... the attempt to decrypt actually damages the file rather than just failing ..." I have sent an email to the author of the article, inviting him to join this thread and give us more information on this issue.

The article URL is

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci896063,00.html

Access requires you to give a password, however. There is no fee -- its one of those marketing-oriented member sites. I can post the entire article here if necessary, but at 2200 characters it's a bit long for a routine post.

Regards,

-Earl
 
Hi Earl,

Thanks for your response.
I agree that the article leaves a couple questions open. However, I tend to
leave it just alone. So far we have not heard that files got actually
damaged. I spoke to a few of my coworkers and there are no known cases
about the scenario the author (James Michael Stewart) is talking about. At
this point I would consider this information as partially correct. Unless
we have proof that files did get damaged I don't see a reason to further
pursue this issue. Good catch though...

Cheers,

Michael Cole
MCSE, MCSA
Microsoft Security Team



--------------------
./Thread-Topic: Reading on Win2K corrupts WinXP encrypted file?
./thread-index: AcO5rkxbR748F1XgRX2DKf1DQSGPFg==
./X-Tomcat-NG: microsoft.public.win2000.security
./From: "=?Utf-8?B?RWFybA==?=" <[email protected]>
./References: <[email protected]>
<[email protected]>
./Subject: RE: Reading on Win2K corrupts WinXP encrypted file?
./Date: Wed, 3 Dec 2003 07:01:15 -0800
./Lines: 11
./Message-ID: <[email protected]>
./MIME-Version: 1.0
./Content-Type: text/plain;
./ charset="Utf-8"
./Content-Transfer-Encoding: 7bit
./X-Newsreader: Microsoft CDO for Windows 2000
./Content-Class: urn:content-classes:message
./Importance: normal
./Priority: normal
./X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
./Newsgroups: microsoft.public.win2000.security
./NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
./Path: cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl
./Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.security:17133
./X-Tomcat-NG: microsoft.public.win2000.security
./
./Thanks Michael. I agree with you on the interpretation of KB 329741.
The reason for my concern is that the article I mentioned says , "... the
attempt to decrypt actually damages the file rather than just failing ..."
I have sent an email to the author of the article, inviting him to join
this thread and give us more information on this issue.

The article URL is

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci896063,00.html

Access requires you to give a password, however. There is no fee -- its
one of those marketing-oriented member sites. I can post the entire
article here if necessary, but at 2200 characters it's a bit long for a
routine post.

Regards,

-Earl
./
 
Back
Top