Win 2000 file encryption

Thread starter: Richard Jake

Richard Jake

I have set up an encrypted folder on a laptop running Win2000.

What I am concerned about is that both the encryption keys and the encrypted
files must be on the HD somewhere. In which case, if the laptop was
stolen and someone transferred the HD to their PC, surely all the information
(keys + files) for decrypting the files will be available to them.

Surely for it to be secure one of the keys must be kept external to the
laptop.

Drew Cooper [MSFT]

Security isn't a game of absolutes if you want a useful machine.

Yes, the keys are on the HD. They're in that user's profile. They're
encrypted by DPAPI, which through a series of keys encrypting other keys
ultimately encrypts a key with the user's SID and password. So if you want
EFS to be more secure, use a strong password.

Yes, there would be some value in removing the keys, but the user experience
would suck. It would flow like this:
1. OK - I'm done on this machine now - I'll export my cert with private key,
put them on a floppy if I haven't already done so, and delete them on the
HD.
2. That material might still be on the disk even though I deleted it - I
should scrub my drive.
(half an hour later)
3. Ahh - I can finally log off.
(back at the machine the next day)
4. Time to log on and do some work. Where's that floppy?
(if floppy is lost so is the data, otherwise continue)
5. Here's the floppy! Import the certificate with private key.
6. Put the floppy in a safe so that someone else doesn't get the key pair.
7. Work's over! Time to go back to #1.

The key on a USB dongle or a smartcard might make sense, but we don't
currently offer that capability.
 
Not to mention, if they did all that and did not know about the concept of the
recovery agent, which is required in W2K, and they are not using the built-in
admin account as their user account, then there probably is still an EFS private
key for potential decryption of the files on the machine. --- Steve

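The key chain Drew describes (password + SID protecting a DPAPI master key, which protects the user's EFS private key, which protects the per-file key) together with the recovery-agent path Steve mentions, as an added toy model that is not from the thread or from Microsoft's EFS code. It uses only the Python standard library, substitutes an HMAC-based authenticated wrap for the RSA and DESX real EFS uses, and the SID, recovery-agent key and PBKDF2 iteration count are constructed values; what it shows is that every blob on the stolen disk opens only with the password (or the recovery agent's key), which is why password strength is the lever Drew points at.

```python
import hashlib, hmac, secrets

# Constructed sample values, not from the thread: the SID salts the master key;
# DRA_KEY stands in for the recovery agent's private key.
SID = "S-1-5-21-1111-2222-3333-1001"
DRA_KEY = bytes.fromhex("0f" * 32)

def derive_master_key(password, sid):
    """Toy DPAPI stand-in: the chain of keys bottoms out in password + SID."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), sid.encode(), 100_000)

def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:length]

def wrap(key, payload):
    """Toy authenticated wrap, nonce || ciphertext || tag (stands in for RSA/DESX)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unwrap(key, blob):
    """Returns None when the key is wrong (tag check fails) rather than garbage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def protect_file(plaintext, password, sid, dra_key=DRA_KEY):
    """Everything in the returned dict is what sits on the stolen disk."""
    user_priv = secrets.token_bytes(32)  # user's EFS private key (toy)
    fek = secrets.token_bytes(32)        # per-file encryption key
    return {
        "file": wrap(fek, plaintext),
        "ddf": wrap(user_priv, fek),   # Data Decryption Field: FEK for the user
        "drf": wrap(dra_key, fek),     # Data Recovery Field: FEK for the recovery agent
        "profile": wrap(derive_master_key(password, sid), user_priv),  # DPAPI-protected
    }

def decrypt_as_user(disk, password, sid):
    priv = unwrap(derive_master_key(password, sid), disk["profile"])
    fek = None if priv is None else unwrap(priv, disk["ddf"])
    return None if fek is None else unwrap(fek, disk["file"])

def decrypt_as_recovery_agent(disk, dra_key):
    fek = unwrap(dra_key, disk["drf"])
    return None if fek is None else unwrap(fek, disk["file"])
```

The recovery-agent path opens the file without the user's password at all, which is the leftover key Steve warns about when someone exports and scrubs only their own certificate.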
 