Re: Pentesting EFS MS Encryption

From: sherwyn.williams@gmail.com
Date: Fri Jun 01 2007 - 17:39:31 EDT


So if it is low level, that means that I should pretty much give up on this side. I figured if it was M$ it had to have some sort of hole, but I guess not, huh!

Anyone else out there had any luck with this? What about if you use some sort of file reconstruction program?
Sherwyn Williams
Technical Support
The Williams Solutions

-----Original Message-----
From: "Asier Gutierrez" <asierguti@Safe-mail.net>
Date: Fri, 1 Jun 2007 22:24:27
To: sherwyn.williams@gmail.com
Cc: jamie.riden@gmail.com, listbounce@securityfocus.com, Ian.Stong.ctr@disa.mil, pen-test@securityfocus.com
Subject: Re: Pentesting EFS MS Encryption

Hello Sherwyn,

Basically there are two types of encryption: file level encryption and low level encryption. The difference is that in the first one, we can actually see the files, but they are encrypted, while in the second one the whole drive (all sectors) is encrypted.

If we have a typical EFS (Windows file level encryption), there are programs to crack the password by brute-force. "Advanced EFS Data Recovery" is an example of a program to do so.

However, if you have a low level encryption, there is only one way to get the data, and it's to have the username and/or password for the system. It can't be cracked, and the only way to recover the data from a crashed computer is using an emergency disk issued by the encryption company, which also includes authentication.

Beware, the new Windows Vista includes BitLocker encryption, which is a low level encryption. This one encrypts all file structures too, but, depending on the mode, using TPM, like a chip or a USB key.

These products are very much tested, so I consider them pretty solid. All of them, excluding BitLocker from Microsoft, have a backdoor in case you forget the password or the computer crashed, but that backdoor is protected by authentication anyway.

Cheers,
Asier

-------- Original Message --------
From: sherwyn.williams@gmail.com
Apparently from: pen-test-return-1078484313-asierguti=safe-mail.net@securityfocus.com
To: "Jamie Riden" <jamie.riden@gmail.com>, listbounce@securityfocus.com, "Stong, Ian C CTR DISA GIG-CS" <Ian.Stong.ctr@disa.mil>
Cc: pen-test@securityfocus.com
Subject: Pentesting EFS MS Encryption
Date: Fri, 1 Jun 2007 20:41:05 +0000

> Hello everyone,
>
> I would like to know: if I have a backup or some files encrypted with the built-in encryption in Windows but don't have the key, how can I reverse this to gain access to the files?
>
> Example: while conducting a test, I have access to the network backup of various data that has a faulty permission setting, but files are encrypted.
>
> And I am sure this can be helpful to someone if they have a backup but the system crashed. :(
>
> Thanks in advance.
> Sherwyn Williams
> Technical Support
> The Williams Solutions



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:51 EDT