-
September 24th, 2004, 11:30 AM
#11
Would PGP be susceptible to the method you used to disable everstrike? Hmmm!
No, because the program doesn't rely on the Windows registry. Once those files are encrypted you can put them anywhere, and you would still need to decrypt them for any sort of access. The encryption does rely on the program, but the way PGP handles passphrase usage is completely different than the original application in Everstrike. It's all internally in the program, using keys to unlock data with passphrases. Thus you would have to attack the file, rather than the program.
-
September 24th, 2004, 01:06 PM
#12
The only two people that have access to my computers are myself and my wife, but I still use a very good form of security for any personal data.
I just burn all personal data to a CD and have it encrypted with PGP. The data is not resident on the computer at all. If it were very sensitive and I didn't want anyone to ever be able to see it, I would also use PGP's free space wiper utility after I deleted the raw data and had it copied to the CD. (Note: I have not ever really done this because I really don't have any data that is that secure or sensitive.)
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
September 24th, 2004, 01:08 PM
#13
Originally posted here by ss2chef
Most of the time you simply need to image the drive or partition, and then mount the image
and have full access to the files. This is also so with MS EFS as it relies on ntfs.
Linux boot disk can have the same effect on most file/folder encryption schemes.
If I understood, you stated that you can break EFS by mounting an NTFS disk on another OS, such as Linux. Is that correct? Could you explain this better? Some examples perhaps? As far as I know you can't break EFS that way unless you keep the keys on the HD.
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
September 24th, 2004, 03:04 PM
#14
Originally posted here by cacosapo
If I understood, you stated that you can break EFS by mounting an NTFS disk on another OS, such as Linux. Is that correct? Could you explain this better? Some examples perhaps? As far as I know you can't break EFS that way unless you keep the keys on the HD.
No, please re-read what I wrote..
With Linux boot disks, you are still mounting NTFS.
To defeat EFS, I image a drive or partition and mount that image RAW and
have complete access to each file or folder.
-
September 24th, 2004, 03:10 PM
#15
No, please re-read what I wrote..
With Linux boot disks, you are still mounting NTFS.
To defeat EFS, I image a drive or partition and mount that image RAW and
have complete access to each file or folder.
How do you mount a RAW partition under Linux? I was under the impression that the normal mount command always needs a selected file system. So this means that you have another tool to do this, which tool is it?
-
September 24th, 2004, 03:21 PM
#16
Originally posted here by ss2chef
No, please re-read what I wrote..
With Linux boot disks, you are still mounting NTFS.
To defeat EFS, I image a drive or partition and mount that image RAW and
have complete access to each file or folder.
OK, but it's still the same problem. How, mounting as a raw image, do you get the files, since they are encrypted? What kind of tool does that? I still don't understand the concept. Please post more details.
-
September 24th, 2004, 03:34 PM
#17
Originally posted here by cacosapo
OK, but it's still the same problem. How, mounting as a raw image, do you get the files, since they are encrypted? What kind of tool does that? I still don't understand the concept. Please post more details.
No, they are encrypted while wrapped in NTFS.
NTFS is stripped in the imaging process.
EFS is a logical encryption under NTFS so no NTFS - no encryption...
I can show you sometime if you like...
The main point is the encryption should follow the file regardless of OS or filesystem.
-
September 24th, 2004, 08:10 PM
#18
Man, after I read your reply I've started to research this again. According to what I've read, you can't do it (access data) just by accessing the disk outside Windows (like using a disk sector editor). The file's data is encrypted too, not just protected. So, if you mount as raw and use a disk editor, find the i-nodes that represent the file, you will get only ..... encrypted data.
I can't find anywhere your reference about "it's encrypted while wrapped in NTFS". According to some sites (links below) FILE DATA is encrypted. So file encryption is following the file, as you noticed. I can't see how EFS is weak as you stated. The only way (except brute forcing the RSA algorithm) is getting the private key of the user, which must be managed accordingly.
http://www.winntmag.com/Windows/Arti...87/pg/3/3.html
http://www.pcguide.com/ref/hdd/file/...Encrypt-c.html
-
September 24th, 2004, 08:49 PM
#19
Simply put.
If I encrypt a file in XP
FTP that file to one of my FTP servers.
Jump on another XP box and grab that file from ftp server, there is no encryption
associated. No Decryption is required to run/use the file.
The encryption does not follow the file.
If the encryption service is not running when the disk is imaged via bootdisk, the image
can be mounted "service less" providing access to the files unencrypted. I can copy those
files via a virtual drive mounted to the image without encryption and ntfs permissions for
that matter.
-
September 24th, 2004, 09:58 PM
#20
First, please keep in mind that I am a bit fuzzy on the internal workings of EFS, but this is from what I remember... don't quote me on any of this..
edit: Also note that I've heard sources on both sides saying that file transfers from one Filesystem to the next would be encrypted still, and other sources say that they would no longer be encrypted. So I'm afraid I can't be much more help.
ss2chef is correct here. Moving or copying EFS files to another file system removes the encryption, but backing them up preserves the encryption, this is because the encryption is not actually encryption, it is "We will protect and encrypt, but only if EFS is running and active." So it's half-ass encryption.
I know it doesn't make much sense cacosapo, but that's how EFS works. It will encrypt as long as the EFS is running and the file system is active. If a file is copied to another file system that is not running EFS it loses its encryption because there is nothing left to -continue- the encryption process. So going from NTFS EFS to FAT32 would completely remove all encryption. Actually the word remove is bad because we assume that the file stays encrypted during EFS. That isn't correct. The file is "Granted" encryption ability while EFS is running, and when EFS isn't active on that filesystem, that ability is gone.
WARNING, THEORY!! : In fact, in theory even moving it to another EFS active filesystem should still break the encryption merely because the file would then have to have a different encryption key for this new filesystem, and thus have no encryption after the file transfer.
A good article on EFS in general:
http://www.winntmag.com/Articles/Ind...&Key=Internals