Home page logo

basics logo Security Basics mailing list archives

RE: Decrypt File
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 15 May 2003 12:22:03 -0700

-----Original Message-----
From: James Yang [mailto:guanghuyang () yahoo com cn]
Sent: May 14, 2003 20:39
To: security-basics () securityfocus com
Subject: Decrypt File

   My system occurred problem yesterday. I backuped my files 
and then  reinstalled my W2K system. After I copied back my 
files I found I couldn't  open the encrypted files.     How 
can I open, could anyone give me a tip.     Thanks.

  I'm assuming that by "encrypted" you mean you've been using
EFS (Encrypted File System), and that by "reinstalled" you mean
something like "did a clean format and brand new installation".

  EFS files can be decrypted and re-encrypted by the owner, or
decrypted (only) by a designated recovery agent -- by default,
the administrator account.
  If you did a clean installation, the new installation has its
own administrator account and (probably) personal account for 
you.  None of the accounts from the previous installation exists
any more.

  I recommend, when people ask me, that EFS only be used in a
*domain* context.  That way, the default recovery agent is the 
domain administrator account, which will survive reinstalls of 
individual client machines, and even (if there are multiple 
domain controllers) reinstalls of any single domain controller.
  I do not recommend its use on single stand-alone machines,
because if neither the owner nor recovery agent account exists
any more, your third alternative is to try to convince the FBI
that Al Qaeda has hidden data in your encrypted files -- allegedly
they've cracked EFS (although I suspect that what they actually
did in Afghanistan was crack the administrator password, and that
won't help you now).

David Gillett

Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities-- 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]