Thread: Big encryption problem

  1. #11
    Spyrus, I couldn't find the window you spoke of. But, I found Advanced EFS Data recovery here:
    http://www.elcomsoft.com/aefsdr.html

    I found out I am kinda lucky, because I was experimenting with Cain and Abel and lc a while ago, so I have my SAM saved on my usb key. But it needs the private key. I think I am out of luck because I am guessing it generates the private key. It searched for files encrypted with EFS and found them, although I don't remember turning it on. Looks like I'm screwed unless I can somehow use my SAM. Anyways, thanks for your help everyone.

    Neg- I am totally 100% legal and legit here, I have an educational copy and a giveaway copy from work (lucky me).

  2. #12
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    From microsoft knowledge base:


    Members of the Administrators group cannot decrypt files unless the person who encrypted the files designated them as recovery agents before encrypting the files.

    NOTE: You must be the original encrypter of the file or a designated recovery agent for the file to use the following steps. If you are not authorized to remove encryption, you receive the following error message:

    Error Applying Attributes
    An error occurred applying attributes to the file:

    Path:\Filename

    Access is denied

    To remove encryption from a file:
    1. Use Windows Explorer to browse to the location of the encrypted file that you want to decrypt.
    2. Right-click the encrypted file, and then click Properties.
    3. On the General tab, click Advanced.
    4. Click to clear the Encrypt contents to secure data check box, click OK, and then click OK again.

    How to Remove Encryption from a Folder
    NOTE: You must be the original encrypter of the file or a designated recovery agent for the file to use the following steps. If you are not authorized to remove encryption, you receive the following error message:

    Error Applying Attributes
    An error occurred applying attributes to the file:

    Path:\Filename

    Access is denied

    1. Use Windows Explorer to browse to the location of the encrypted folder that you want to decrypt.
    2. Right-click the folder, and then click Properties.
    3. On the General tab, click Advanced.
    4. Click to clear the Encrypt contents to secure data check box, click OK, and then click OK again.
    5. When you are prompted to confirm the attribute change:
       - If you want to decrypt only the folder, click Apply the changes to this folder only, and then click OK.
       - If you want to decrypt the folder and its contents, click Apply changes to this folder, subfolders and files, and then click OK.
    ------------------------------------------------------------------------------------------------------------------------
    Also:
    Recovering Access to Encrypted EFS Data
    If you have encrypted some of your files by using the Encrypting File System (EFS), you have additional options to recover access to those encrypted files. The following provisions apply only to EFS encrypted files, and will not recover access to saved credentials or certificates.

    If you have previously exported the user's EFS private key from the user's account, you may import the key back into the account and recover access to the encrypted files.

    If you did not export the private key and you have defined a Data Recovery Agent (DRA) prior to encrypting the files, you may regain access to EFS files as the Data Recovery Agent. For additional information about how to recover data in this case, click the article number below to view the article in the Microsoft Knowledge Base:
    255742 Methods for Recovering Encrypted Data Files

    If you do not have the required items or information specified for the preceding recovery solutions, the data is permanently encrypted, and cannot be recovered.
    STATUS
    This behavior is by design.
    MORE INFORMATION
    The behavior that is described in this article is a security measure taken to protect the security of the user's private information. A malicious administrator that can reset a user's password and thereby gain access to the user's account cannot access encrypted files or authentication materials without the user's knowledge or permissions.

    Before being allowed to reset a password, an administrator or owner of the computer is prompted with the following messages:

    Resetting this password might cause irreversible loss of information for this user account. For security reasons, Windows protects certain information by making it impossible to access if the users password is reset.

    The data loss will occur the next time the user logs off.

    You should use this command only if a user has forgotten his or her password and does not have a password reset disk. If this user has created a password reset disk, then he or she should use that disk to set the password.

    If the user knows the password and wants to change it, he or she should log in, then use the User Accounts in Control Panel to change the password.
    You are Resetting the password for user name. If you do this, user name will lose all EFS-encrypted files, personal certificate, and stored passwords for Web sites or network resources.

    To avoid losing data in the future, ask user2 to make a password reset floppy disk.
    To avoid data loss because of a password reset in the future, create a password recovery disk to reset the password and have users change their own password while logged in.

    To create a password recovery disk:
    1. Click Start, and then click Control Panel.
    2. Click User Accounts.
    3. Click your user name.
    4. Click Prevent a forgotten password, and then follow the instructions in the wizard.
    5. Store the disk in a safe location.
    ------------------------------------------------------------------------------------------------------------------------
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #13
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Would changing his Windows key to the original one defeat EFS? Dunno, but it could be worth a try, I guess... if you have your original key, you can change the one you have now to the original one using something like rockXP...

  4. #14
    If I installed XP again, using the first CD that it was encrypted with, would my files decrypt? I just learned that almost all of them are, so this really, really sucks.

  5. #15
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Soda > That's what I was thinking, but if that works, you wouldn't have to reinstall the first XP again... you could just change the key to that of the first one... I think

  6. #16
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    In Windows NT and Windows 2000, passwords are stored in the Security Account Manager (SAM) database. The password values themselves aren't stored in the SAM - instead, the hashed values of the passwords are stored there. If an attacker could obtain a copy of the SAM through some means, he could conduct a brute-force attack, in which he would generate the hash of every possible password and compare each to the hashes in the SAM database. When he found a match, he would know the password for the account.

    Syskey thwarts this attack by encrypting the SAM database using strong encryption. Even if an attacker did manage to obtain a copy of the Syskey-protected SAM, he would first need to conduct a brute-force attack to determine the Syskey, then conduct a brute-force attack against the hashes themselves. This dramatically increases the work factor associated with the attack, to the point where it's considered to be computationally infeasible.
    which can be found here

    a pay for tool can be found here

    perhaps a free download here

    let me know if that one works
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  7. #17
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Again from Microsoft.

    Why You Must Back Up Your Certificates
    Because there is no way to recover data that has been encrypted with a corrupted or missing certificate, it is critical that you back up the certificates and store them in a secure location. You can also specify a recovery agent. This agent can restore the data. The recovery agent's certificate serves a different purpose than the user's certificate.

    Looks like your only option is to go to the dark side.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
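
The certificate backup that the Microsoft text quoted in post #17 calls for, as an added example that is not part of the thread or of Microsoft's article. It targets current Windows versions where the PKI module's `Export-PfxCertificate` is available; `$Root` and `$BackupDir` are assumed values.

```powershell
# Added example: inventory EFS-encrypted files, then back up every EFS
# certificate that still has its private key. Run as the user who encrypted
# the files, BEFORE any reinstall or administrative password reset.
param(
    [string]$Root      = "$env:USERPROFILE\Documents",  # assumed folder to audit
    [string]$BackupDir = 'E:\efs-backup'                # assumed removable drive
)

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# 1. Files that carry the NTFS "Encrypted" attribute (EFS), whether or not
#    the user remembers turning it on.
$encrypted = @(Get-ChildItem -Path $Root -Recurse -File -Attributes Encrypted `
                             -ErrorAction SilentlyContinue)
"{0} EFS-encrypted file(s) under {1}" -f $encrypted.Count, $Root

# 2. EFS certificates in this profile whose private key is still present.
#    Without one of these (or a recovery agent's key) the files stay encrypted.
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
})

if ($efsCerts.Count -eq 0) {
    Write-Warning ('No EFS certificate with a private key in this profile; ' +
                   'this account cannot decrypt the files listed above.')
    return
}

# 3. Export each certificate together with its private key to a
#    password-protected PFX, one file per thumbprint.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$pfxPassword = Read-Host -AsSecureString 'Password to protect the PFX files'

foreach ($cert in $efsCerts) {
    $target = Join-Path $BackupDir ("efs-{0}.pfx" -f $cert.Thumbprint)
    try {
        # Fails if the key was created as non-exportable.
        Export-PfxCertificate -Cert $cert -FilePath $target `
                              -Password $pfxPassword -ErrorAction Stop | Out-Null
        "Backed up {0} (expires {1:yyyy-MM-dd}) to {2}" -f `
            $cert.Thumbprint, $cert.NotAfter, $target
    } catch {
        Write-Warning ("Could not export {0}: {1}" -f $cert.Thumbprint, $_.Exception.Message)
    }
}
```

Importing one of these PFX files into the new profile is the "previously exported private key" recovery path described in post #12; keep the backup off the encrypted volume.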

  8. #18
    Looks like your only option is to go to the dark side.
    Yeah, Linux.


    Product key changes haven't worked. Neg's link and another have both failed. They don't change, and XP says it's already activated.

  9. #19
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    "The dark side", what I mean is this. (and this is just me making an educated guess)
    You have a file and want to encrypt it. You do the right click properties stuff. Windows scrambles the file and produces a certificate that has the encryption key, and makes a link between your account, so you can view the file when needed.

    When you re-installed xp that certificate/key was lost. So no access to the files. I think your only option is to find an encryption cracker. And get your prayer mat out.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  10. #20
    I totally knew what you meant

    I was sorta joking about switching to a nix, but I don't know now. This might be a good opportunity to throw on a distro. I haven't found anything that can crack the file. And what sucks even more, is that I threw out the hard copy on accident today. I swear, everything is going wrong for me today (And this had to happen before finals.)
