Everstrike's "Lock folder XP 3.4" vulnerability - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: Everstrike's "Lock folder XP 3.4" vulnerability

  1. #11
    Would PGP be susceptable to the method you used to disable everstrike? Hmmm!
    No, because it the program doesn't rely on Windows registry. Once those files are encrypted you can put them anywhere, and you would still need to decrypt them for any sort of access. The encryption does rely on the program, but the way PGP handles passphrase usage is completely different than the origonal application in Everstrike. It's all internally in the program, using keys to unlock data with phassphrases. Thus you would have to attack the file, rather than the program.

  2. #12
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    The only two people that have access to my computers is myself and my wife, but I still use a very good form of security for any personal data.

    I just burn all personal data to a CD and have it encrypted with PGP. The data is not resident on the computer at all. If it were very sensitive and I didn't want anyone to ever be able to see it, I would also use PGP's free space wiper utility after I deleted the raw data and had it copied to the CD. ( note > I have not ever really done this because I really don't have any data that is that secure or sensitive)
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  3. #13
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by ss2chef
    Most of the time you simply need to image the drive or partition, and then mount the image
    and have full access to the files. This is also so with MS EFS as it relies on ntfs.
    Linux boot disk can have the same effect on most file/folder encryption schemes.
    if i understood , you stated that you can break EFS mouting ntfs disk on other OS, such as a linux. that is correct? could you explain better this? some examples perhaps? As i far i know you cant break EFS on that way except if you keep keys on HD.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #14
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by cacosapo
    if i understood , you stated that you can break EFS mouting ntfs disk on other OS, such as a linux. that is correct? could you explain better this? some examples perhaps? As i far i know you cant break EFS on that way except if you keep keys on HD.
    No, please re-read what I wrote..
    With Linux boot disks, you are still mounting NTFS.
    To defeat EFS, I image a drive or partition and mount that image RAW and
    have complete access to each file or folder.

  5. #15
    No, please re-read what I wrote..
    With Linux boot disks, you are still mounting NTFS.
    To defeat EFS, I image a drive or partition and mount that image RAW and
    have complete access to each file or folder.
    how do you mount a RAW partition under linux? i was under the impression that the normal mount command always needs a selected file system. so this means that you have another tool to do this, which tool is it?

  6. #16
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by ss2chef
    No, please re-read what I wrote..
    With Linux boot disks, you are still mounting NTFS.
    To defeat EFS, I image a drive or partition and mount that image RAW and
    have complete access to each file or folder.
    ok, but its still the same problem. How, mounting as a raw image, you get files, since they are encripted? what kind of tool do that? i still dont understand the concept. please post more details.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #17
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by cacosapo
    ok, but its still the same problem. How, mounting as a raw image, you get files, since they are encripted? what kind of tool do that? i still dont understand the concept. please post more details.
    No, they are encryped while wrapped in NTFS.
    NTFS is stripped in the imaging process.
    EFS is a logical encryption under NTFS so no NTFS - no encryption...
    I can show you sometime if you like...

    The main point is the encryption should follow the file regardless or OS or filesystem.


  8. #18
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    man, after i read your reply ive started to research again about. According ive read, you cant do it (access data) just accessing disk outside windows (like using a disk sector editor). File' data is encrypted too, not just protect. So, if you mount as raw and use and disk editor, find i-nodes that represent the file, you will get only ..... encrypted data.

    I cant find anywhere your reference about "its encrypted while wrapped in NTFS". According the some sites (links bellow) FILE DATA is encrypted. So file encryption is following file, as you noticed. i cant see how EFS is weak as you stated. The only way (except brute force RSA algorithm) is getting private key of the user, that must be managed accordingly.


    http://www.winntmag.com/Windows/Arti...87/pg/3/3.html
    http://www.pcguide.com/ref/hdd/file/...Encrypt-c.html
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  9. #19
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Simply put.

    If I encrypt a file in XP

    FTP that file to one of my FTP servers.

    Jump on another XP box and grab that file from ftp server, there is no encryption
    associated. No Decryption is required to run/use the file.

    The encryption does not follow the file

    If the encryption service is not running when the disk is imaged via bootdisk, the image
    can be mounted "service less" providing access to the files unecrypted. I can copy those
    files via a virtual drive mounted to the image without encryption and ntfs permissions for
    that matter.

  10. #20
    First, please keep in mind that I am a bit fuzy on the internal workings of EFS, but this is from what I remebmer... don't quote me on any of this..

    edit: Also note that I've heard sources on both sides saying that file transfers from one Filesystem to the next would be encrypted still, and other sources say that they would no longer be encrypted. So I'm afraid I can't be much more help


    ss2chef is correct here. Moving or copying EFS files to another file system removes the encryption, but backing them up preserves the encryption, this is because the encryption is not actually encryption, it is "We will protect and encrypt, but only if EFS is running and active." So it's half-ass encryption.

    I know it doesn't make much sense acosapo, but that's how EFS works. It will encrypt as long as the EFS is running and the file system is active. If a file is copied to another file system that is not running EFS it loses it's encryption because there is nothing left to -continue- the encryption process. So going from NTFS EFS to FAt32 would completely remove all encryption. Actually the word remove is bad because we assume that the file stays encrypted during EFS. That isn't correct. The file is "Granted" encryption ability while EFS is running, and when EFS isn't active on that filesystem, that ability is gone.

    WARNING, THEORY!! : In fact, in theory even moving it to another EFS active filesystem should still break the encryption merely because the file would then have to have a different encryption key for this new filesystem, and thus have no encryption after the file transfer.


    A good article on EFS in general:

    http://www.winntmag.com/Articles/Ind...&Key=Internals

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides