Home page logo
/

basics logo Security Basics mailing list archives

RE: Windows EFS and Changing a Local Account Password
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Fri, 14 Jul 2006 08:35:43 -0400

You are wrong that this is no impact of the user's password. The user's
password is used to create a master symmetric key that is used to
protect the user's EFS asymmetric private key (among other things). If
the administrator resets the user's password, the user will get a new
master symmetric key and no longer be able to decrypt their original EFS
private key. If the user changes their own password, however, Windows
updates the master key appropriately. It's one of the biggest drawbacks
of EFS.

-----Original Message-----
From: Thomas D. [mailto:whistl0r () googlemail com] 
Sent: Thursday, July 13, 2006 10:53 AM
To: winshel () camden rutgers edu; security-basics () securityfocus com
Subject: RE: Windows EFS and Changing a Local Account Password



-----Original Message-----
From: winshel () camden rutgers edu [mailto:winshel () camden rutgers edu]
Sent: Wednesday, July 12, 2006 8:23 PM
To: security-basics () securityfocus com
Subject: Windows EFS and Changing a Local Account Password

If you are using Windows Encrypted File System (EFS) on a PC that is 
not part of domain, and you change the password of the local user 
account that was used to encrypt files and / or directories, will you 
be locked out of the ecnrypted files?


No! It is a certificate-based encryption.

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.msp
x 


------------------------------------------------------------------------
---
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and practice
to master. We can't teach you to hack. But we can teach you what we've
learned so far. Our courses are honest, real, technical and practical.
SensePost willl be at Black Hat Vegas in July. To see what we're about,
visit us at: 

http://www.sensepost.com/training.html
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and
practice to master. We can't teach you to hack. But we can teach you
what we've learned so far. Our courses are honest, real, technical
and practical. SensePost willl be at Black Hat Vegas in July. To see
what we're about, visit us at:

http://www.sensepost.com/training.html
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]