Quote Originally Posted by Nokia
So perhaps you can explain where the encryption key comes from for windows EFS then Nihil.....

To save you a Google I will tell you: it is the users password....oh wow look at that, if I know the users password maybe, just maybe I can decrypt the EFS protected file! Wow! But hey thats file encryption and has nothing to do with the password does it....

Of couse you also know that the local admin password can by default decrypt all user encrypted EFS files on a non domain work station...and you also know that the domain admin can by default decrypt all user encrypted EFS files on any work station in the whole domain......but hey, we don't need passwords do we, as this is file encryption, nothing to do with passwords.....
Hi,

After reading the information in this thread, I have used "How EFS Works" as a search string in Google. I have no knowledge or experience on EFS, so pardon me if my interpretation of what I read is incorrect. With that said,

"When you save a file to be encrypted, a random cryptographic generator supplies a unique file encryption key (FEK), which is a fast symmetric key designed for bulk encryption. The FEK encrypts the data in blocks. EFS adds a header to the file, where the FEK is stored".

Source: http://www.microsoft.com/technet/pro....mspx?mfr=true

"EFS keys are protected by the user's password. "

Source: http://www.microsoft.com/technet/sec...hyetc/efs.mspx

So if my understanding is correct, Fle Encryption Key comes from a Cryptographic Generator. The Keys are protected by the User's Password. So is it correct to say, that the encryption key comes from ther user's password?

Thanks in advance, if anyone takes time to explain this.

Cheers,
R.o.P.E