Slashdot Mirror


How Does Win2k's Encrypted File System Really Work?

cyberbrian asks: "At work, I administer Windows NT 4.0 and 2000 servers and I have been researching Win 2000's EFS (Encrypted File System) and I have detected some Very Odd Behavior. I am currently leaning towards using PGP Disk instead of EFS but I really want to know what is going on here. For instance, one of the tests I made is that I backed up an encrypted file and restored it to a FAT partition. The resulting file had zero bytes. For true encryption, shouldn't there be data in the file, but scrambled according to the encryption algorithm and key file? IMHO, Microsoft may not be using encryption at all, but instead perhaps the "encryption" is actually a hidden NTFS deny/allow permission that is tied to a certificate. Has anyone tested this by trying to decrypt an EFS file under Linux? Also, I would be very interested in any URLs people could point me to where this is explained in detail."

2 of 26 comments

  1. Re:artstechnica EFS information by coyote-san · · Score: 5, Interesting
    This raises some rather obvious questions.

    • What's the modulus size used for the key pair? 1024 bits? 512? 256?!
    • What's the algorithm used? RSA? DSA? something else?
    • What's the key length of the symmetrical cipher used to actually encrypt the data? 128 bits? 64? 56? 40? (Remember that a *lot* of Windows software defaulted to 40 bit encryption due to ITAR restrictions.)
    • What's the algorithm used to actually generate these "random" symmetrical keys? Can it be easily predicted?
    • What's the symmetrical cipher used? What mode does it use? (Specifically, is it "Electronic Code Book (ECB)" or "Cipher Block Chaining (CBC)"? The former is *much* easier to crack than the latter. Does it use a constant IV, or block-based IVs? Again, the former is *much* easier to crack than the latter.)

    The Microsoft web page offers one answer. Triple DES is supported, if you are running Windows XP Professional, but all earlier platforms and even WXP by default use "DESX, a variation of the DES standard." In other words, absolute crap - the *only* way to know that a cipher is solid is to expose it to prolonged cryptanalysis by knowledgeable people. DES is considered weak now (due to brute force attacks), 3DES is usually considered acceptable but I wouldn't use "DESX" to encrypt my grocery list since it's a total unknown. The mere fact that they chose this oddball variant, instead of any of the newer, IP-free ciphers, screams WARNING - there are unacknowledged motivations here!

    I didn't see any mention of ECB vs. CBC, changing IV vectors, etc., all basic information that you would expect to see for the buzzword factor alone. Since they never wipe the plaintext files, it sounds like someone got a copy of Krypto4Kiddies and never got past the first few chapters.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
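The ECB-versus-CBC and constant-IV points raised in the comment above, shown as an added example that is not code from this thread and says nothing about what EFS actually does internally: a toy 64-bit Feistel block cipher (constructed here so the script runs offline with only the standard library; it is not DESX or any real cipher) is run in ECB mode, in CBC mode with a fresh IV, and in CBC mode with a constant IV. The helpers `repeated_blocks` and `shared_prefix_blocks` are assumptions of this example, written to measure what an observer of the ciphertext alone can learn: ECB reveals which plaintext blocks are equal, and CBC under a constant IV reveals how long a common prefix two messages share.

```python
import hashlib
import os

# Toy 64-bit Feistel block cipher, constructed for this illustration only.
# It is NOT DESX and NOT what EFS uses; it exists so the block-mode
# behaviour below can be run offline without any third-party library.
BLOCK = 8
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function: hash of (key, round index, half block), truncated.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # A Feistel network is a bijection whatever the round function, so
    # identical plaintext blocks always map to identical ciphertext blocks.
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, rnd, right))
    return right + left  # final swap, undone first in block_decrypt


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    right, left = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    # PKCS#7-style padding to a whole number of blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Electronic Code Book: every block is encrypted independently.
    return b"".join(block_encrypt(key, b) for b in _blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    # Cipher Block Chaining: each block is XORed with the previous ciphertext
    # block (the IV for the first one) before encryption.
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    # Ciphertext blocks that duplicate an earlier one; anything above zero
    # tells an observer that the corresponding plaintext blocks were equal.
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def shared_prefix_blocks(ct1: bytes, ct2: bytes) -> int:
    # Leading blocks two ciphertexts have in common.
    n = 0
    for b1, b2 in zip(_blocks(ct1), _blocks(ct2)):
        if b1 != b2:
            break
        n += 1
    return n


def demo() -> dict:
    key = b"constructed-demo-key"          # constructed sample key
    record = b"ACCOUNT=" * 4               # four identical 8-byte blocks
    fixed_iv = bytes(BLOCK)                # a constant IV, the weak choice
    iv = os.urandom(BLOCK)                 # a fresh IV for this message
    cbc_ct = cbc_encrypt(key, record, iv)
    # Two records sharing a prefix, encrypted under the same key.
    alice, bob = b"salary:12000:alice", b"salary:12000:bob"
    return {
        "ecb_repeats": repeated_blocks(ecb_encrypt(key, record)),
        "cbc_random_iv_repeats": repeated_blocks(cbc_ct),
        "fixed_iv_shared_prefix": shared_prefix_blocks(
            cbc_encrypt(key, alice, fixed_iv), cbc_encrypt(key, bob, fixed_iv)),
        "random_iv_shared_prefix": shared_prefix_blocks(
            cbc_encrypt(key, alice, os.urandom(BLOCK)),
            cbc_encrypt(key, bob, os.urandom(BLOCK))),
        "roundtrip_ok": cbc_decrypt(key, cbc_ct, iv) == record,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` reports three repeated blocks for the ECB ciphertext (the four equal "ACCOUNT=" blocks collapse to one ciphertext value), none for CBC with a fresh IV, one shared leading block for the two salary records under a constant IV, and none once each message gets its own IV. The leakage comes entirely from the mode and IV handling, not from the strength of the block cipher underneath, which is why a product description that names the cipher but not the mode or IV policy leaves the questions in the comment unanswered.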
  2. Re:Not Surprised by Anonymous Coward · · Score: 1, Interesting

    The data is really encrypted. It uses public key crypto, as someone else pointed out. By default, the file is encrypted to the user's key, and to the administrator's key. So assuming you didn't delete the administrator key, anyone with access to this key has access to all your encrypted files. I'm not sure if the administrator key is encrypted on the disk - did you use the same admin password when you reinstalled?