Shouldn't Windows warn you before "encrypting", if password is blank?


Bennett Haselton

In Windows XP you can encrypt a file or folder just by right-clicking
on it and selecting the Encryption attribute -- no extra password or
decryption key required -- so I assume the encryption key is derived
from your logon password somehow.

However, doesn't that mean that if you choose to encrypt a file but
your logon password is blank (and many people have set their password
to blank just so they can boot up their computer without entering
one), then by "encrypting" the file you haven't really encrypted it at
all? (Well of course you haven't, since anyone could boot up the
computer and be automatically signed in as you, and access the file
without ever authenticating themselves.)

I'm writing some articles about tips and tricks for Windows, and one
of the things I'm saying is that I consider it a user interface bug
that Windows lets you "encrypt" a file, without giving you a warning
if your password is blank. I'm just wondering if there is some
legitimate reason why Windows doesn't warn you about a blank password
before encrypting, otherwise I would call it a bug.

(I haven't tried under Vista or Windows 7; does anybody know if those
operating systems warn you if you try to set a file's "encryption"
attribute and your password is blank?)

Bennett
 
Bennett said:
In Windows XP you can encrypt a file or folder just by right-clicking
on it and selecting the Encryption attribute -- no extra password or
decryption key required -- so I assume the encryption key is derived
from your logon password somehow.

However, doesn't that mean that if you choose to encrypt a file but
your logon password is blank (and many people have set their password
to blank just so they can boot up their computer without entering
one), then by "encrypting" the file you haven't really encrypted it at
all? (Well of course you haven't, since anyone could boot up the
computer and be automatically signed in as you, and access the file
without ever authenticating themselves.)

I'm writing some articles about tips and tricks for Windows, and one
of the things I'm saying is that I consider it a user interface bug
that Windows lets you "encrypt" a file, without giving you a warning
if your password is blank. I'm just wondering if there is some
legitimate reason why Windows doesn't warn you about a blank password
before encrypting, otherwise I would call it a bug.

(I haven't tried under Vista or Windows 7; does anybody know if those
operating systems warn you if you try to set a file's "encryption"
attribute and your password is blank?)

I actually have not ever thought about trying that.

One would assume (in my mind) that the first line of defense on a computer
is the username/password configuration. I would bet that most users that do
not have passwords (other than blank) assigned to them do not utilize EFS.
I would also bet that most users that have the facility available to them in
Windows XP Professional and utilize it, do so because their domain
administrator (or more accurately, their place of employment) tells them
they should. Given the latter - the domain administrator probably set up the
computer and forces the user to have a password.

In short - I believe it is more of a business feature (Windows XP
Professional was originally not intended for home usage - but to be a
member of a domain or business environment - where it was more than
likely that passwords and such would be required.)

In any case - your post tweaked my interest - so I had to try it. You can,
as a matter of fact, have a user account with no password use EFS.
Crazy.

I had to create a user account with no password, since I follow the best
practices of general computer use and have a password for my accounts -
but I created the account, logged in and made a new folder and encrypted
it. The user has no password. Their name just sits on the welcome screen,
begging for someone to click and log in. Once in - the contents of the
encrypted folder are an open book (although other users on the computer
can't do much with it.)

No warning - nothing.

So I thought to myself - perhaps it's just listed as one of the 'best
practices' for the EFS.

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316

The Encrypting File System
http://technet.microsoft.com/en-us/library/cc700811.aspx

The first - not a word. The only times "password" is mentioned in the first
article is in reference to exporting the .pfx file and/or backing up the
certificate. Nothing says you should use an account with a strong password
for logon assigned.

The second - a little better with this quoted section:

"Using EFS requires only a few simple bits of knowledge. However, using EFS
without knowledge of best practices and without understanding recovery
processes can give you a mistaken sense of security, as your files might not
be encrypted when you think they are, or you might enable unauthorized
access by having a weak password or having made the password available to
others. It might also result in a loss of data, if proper recovery steps
aren't taken. Therefore, before using EFS you should read the information
links in the section "Misuse and Abuse of EFS and How to Avoid Data Loss or
Exposure." The knowledge in this section warns you where lack of proper
recovery operations or misunderstanding can cause your data to be
unnecessarily exposed. To implement a secure and recoverable EFS policy, you
should have a more comprehensive understanding of EFS."

I'd say "blank" qualifies as a "weak" password. ;-)

Now - I was hopeful they might expand on this later - specifically mention
that you should have a password set (although I still say "blank" is a
"weak" password - so they sort of do...) - but they do not specifically ever
say that.

http://technet.microsoft.com/en-us/library/cc700811.aspx#XSLTsection128121120120

There (the link directly above) they do have this:
"If users provide others with their passwords, these people can log on using
these credentials and decrypt the user's encrypted files. (Once a user has
successfully logged on, they can decrypt any files the user account has the
right to decrypt.)"

Well - yeah. Okay.

You are correct - there is no warning. Should there be a warning...?
I could see that being pretty easy to implement. I could see that being
useful too. One more thing for system administrators to point to and
use as a, "See, you need a password." tool.

However - if someone has set no password on their computer - I also
cannot see them being so security conscious as to decide to start using
EFS.

It sort of falls back to a conversation I was having in another place in
these newsgroups. There's a certain point where you have to rely on the
supposedly sentient being to make the wisest choice for themselves. You
are not asking them to become an expert on Windows or on EFS or in the
proper use of security measures - but to do their due diligence in order to
obtain whatever their goal may be.

If one is going to utilize EFS to protect their files - one should at least
attempt to understand the basics of how it works and what the best
practices may be and how to use it to accomplish one's own goals as best
they can. I would think with EFS - reading the two articles I posted above
would be advisable - and after reading it - I would have an overwhelming
sense that I needed a decent password.

I was disappointed in that the built-in help (Windows XP) mentioned nothing
about passwords when it came to EFS. It did hammer home how much this
was considered an 'enterprise' feature and not a 'standalone' feature. It
was really intended for use in a domain environment - where most likely the
user would be required to have a password meeting some level of complexity.

That's no excuse - just how I figure this came about. After all - who would
I be to make excuses for something I had nothing to do with anyway?
hah

Interesting.

Although - you are writing "tips and tricks" and are doing it for "Windows
XP"?

I'd say that might be redundant - given the age and how many such
web pages/books one can find on that subject now. ;-) However - more
power to you! You did bring up something I had not ever thought about.

I'd still point to the fact that I doubt someone who doesn't have a password
(a basic of computer security) on their account is probably unlikely to use
(or even have available) encryption (built-in) for Windows XP at least.

I'm fairly certain that to use encryption in Windows (XP, Vista, 7) - one
must have one of the 'Professional' or above editions of the operating
system. The ones labeled "Home" usually do not provide the feature.

I haven't tried an account with no password on Vista or Windows 7 - but I
would be interested in the results if you do.
 
Bennett said:
In Windows XP you can encrypt a file or folder just by right-clicking
on it and selecting the Encryption attribute -- no extra password or
decryption key required -- so I assume the encryption key is derived
from your logon password somehow.

However, doesn't that mean that if you choose to encrypt a file but
your logon password is blank (and many people have set their password
to blank just so they can boot up their computer without entering
one), then by "encrypting" the file you haven't really encrypted it at
all? (Well of course you haven't, since anyone could boot up the
computer and be automatically signed in as you, and access the file
without ever authenticating themselves.)

I'm writing some articles about tips and tricks for Windows, and one
of the things I'm saying is that I consider it a user interface bug
that Windows lets you "encrypt" a file, without giving you a warning
if your password is blank. I'm just wondering if there is some
legitimate reason why Windows doesn't warn you about a blank password
before encrypting, otherwise I would call it a bug.

(I haven't tried under Vista or Windows 7; does anybody know if those
operating systems warn you if you try to set a file's "encryption"
attribute and your password is blank?)

Bennett



Though having a log-in password is a reasonable security measure...
it hardly guarantees your data are safe.

To access your data one would simply have to boot up with a live Linux
cd and access to the entire drive would be available in only a matter of
seconds.

If your data are encrypted, then it's considerably safer...
as the encryption algorithm would have to be decrypted...
which is not so easy...and is certainly going to be very time consuming
 
Bennett said:
In Windows XP you can encrypt a file or folder just by right-clicking
on it and selecting the Encryption attribute -- no extra password or
decryption key required -- so I assume the encryption key is derived
from your logon password somehow.

However, doesn't that mean that if you choose to encrypt a file but
your logon password is blank (and many people have set their password
to blank just so they can boot up their computer without entering
one), then by "encrypting" the file you haven't really encrypted it at
all? (Well of course you haven't, since anyone could boot up the
computer and be automatically signed in as you, and access the file
without ever authenticating themselves.)

I'm writing some articles about tips and tricks for Windows, and one
of the things I'm saying is that I consider it a user interface bug
that Windows lets you "encrypt" a file, without giving you a warning
if your password is blank. I'm just wondering if there is some
legitimate reason why Windows doesn't warn you about a blank password
before encrypting, otherwise I would call it a bug.

(I haven't tried under Vista or Windows 7; does anybody know if those
operating systems warn you if you try to set a file's "encryption"
attribute and your password is blank?)
Though having a log-in password is a reasonable security measure...
it hardly guarantees your data are safe.

To access your data one would simply have to boot up with a live
Linux cd and access to the entire drive would be available in only
a matter of seconds.

If your data are encrypted, then it's considerably safer...
as the encryption algorithm would have to be decrypted...
which is not so easy...and is certainly going to be very time
consuming

Okay... But here's the point I got out of the post you are responding to.

- Someone can have no password in Windows XP Professional for logging in.
- That same person can encrypt a file/folder using EFS on the machine.
- However - with no password, logging in as that person is trivial - a
literal click of the mouse/pressing ENTER on the keyboard. And once logged
in - the files they encrypted are automatically decrypted.

In other words... There's no need to hack any passwords, reset them using
any methods. The password is empty, there is no password.

So while the password may not provide any real protection where physical
access is concerned - at least with the use of a password someone would have
to change/hack it to get in (or take ownership of the files/folder or use an
imaging application to make an accessible image of the disk, etc) - but the
encrypted files would not be accessible in any timely/easy manner like they
are if you have no password and I just click on your logon picture, logon as
you and get to your files - encrypted or not - because I am you as far as
the computer is concerned - same empty password as you always had. ;-)
 
Shenan said:
Okay... But here's the point I got out of the post you are responding to.

- Someone can have no password in Windows XP Professional for logging in.
- That same person can encrypt a file/folder using EFS on the machine.
- However - with no password, logging in as that person is trivial - a
literal click of the mouse/pressing ENTER on the keyboard. And once logged
in - the files they encrypted are automatically decrypted.

In other words... There's no need to hack any passwords, reset them using
any methods. The password is empty, there is no password.

So while the password may not provide any real protection where physical
access is concerned - at least with the use of a password someone would have
to change/hack it to get in (or take ownership of the files/folder or use an
imaging application to make an accessible image of the disk, etc) - but the
encrypted files would not be accessible in any timely/easy manner like they
are if you have no password and I just click on your logon picture, logon as
you and get to your files - encrypted or not - because I am you as far as
the computer is concerned - same empty password as you always had. ;-)



Thanks for the info...

I guess I did not realize that XP's built-in encryption was so weak...

I think that for better security a 3rd party encryption tool would be better
 
philo said:
Thanks for the info...

I guess I did not realize that XP's built-in encryption was so
weak...
I think that for better security a 3rd party encryption tool would
be better

Without a doubt - especially if they are not going to use a logon password.
hah
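
The condition discussed in this thread (an account that can log on with no password but holds EFS-encrypted files) can be audited on current Windows versions. The script below is an added example, not part of any post in the thread; the function name `Get-EfsWeakLogonReport` is hypothetical. It assumes Windows PowerShell 5.1 or later with the LocalAccounts module, an elevated session, local (not domain) accounts, and that the encrypted files live under the user's profile directory.

```powershell
# Added example: report local accounts that are allowed to log on without a
# password and that also have EFS-encrypted files in their profile.
function Get-EfsWeakLogonReport {
    [CmdletBinding()]
    param()

    # PasswordRequired = $false means the account is *allowed* to have a blank
    # password; it does not prove the password is blank. Treat each hit as a
    # lead to follow up, not as a confirmed finding.
    $candidates = Get-LocalUser |
        Where-Object { $_.Enabled -and -not $_.PasswordRequired }

    # Profile directories, keyed by SID, for mapping accounts to folders.
    $profiles = Get-CimInstance -ClassName Win32_UserProfile

    foreach ($user in $candidates) {
        $userProfile = $profiles |
            Where-Object { $_.SID -eq $user.SID.Value } |
            Select-Object -First 1
        if (-not $userProfile) { continue }   # no profile on this machine

        # Files carrying the NTFS "Encrypted" attribute, which EFS sets.
        $encrypted = @(Get-ChildItem -LiteralPath $userProfile.LocalPath `
            -Recurse -File -Force -Attributes Encrypted `
            -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Account         = $user.Name
            PasswordLastSet = $user.PasswordLastSet
            ProfilePath     = $userProfile.LocalPath
            EncryptedFiles  = $encrypted.Count
            Sample          = ($encrypted | Select-Object -First 3).FullName
        }
    }
}

# Show only the accounts where the two conditions coincide.
Get-EfsWeakLogonReport |
    Where-Object { $_.EncryptedFiles -gt 0 } |
    Format-List
```

Any account it lists should get a password set and enforced before the encrypted files are treated as protected.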
 