How good is Win XP Pro encryption?

oddjob62 said:
Pretty much unbreakable. So make sure you backup your keys in case your computer dies.


I can vouch for that. A user of ours managed to encrypt his files. Of course, when we had to change his user ID, he could no longer access.

He lost all of his data.
 
Memphis said:
I can vouch for that. A user of ours managed to encrypt his files. Of course, when we had to change his user ID, he could no longer access.

He lost all of his data.

Couldn't you have used the recovery agent certificate or whatever it's called and recovery account to get the data back?

It's turned on for a certain dir on our laptops for users, was funny last week as the certificate expired which messed things up for them a bit :)
 
Ev0 said:
Couldn't you have used the recovery agent certificate or whatever it's called and recovery account to get the data back?


Well, long story short, no we couldn't. The circumstances in which the data became encrypted, and the shoddy setup of our servers meant that using the DRA was impossible.
 
oddjob62 said:
Pretty much unbreakable. So make sure you backup your keys in case your computer dies.


yup

as far as I'm concerned it's 100% reliable, and it's definitely worth making a floppy backup of the key, since a password change renders the data inaccessible!
 
So if I change my logon password all I do to access the data again is import the backed up certificate? Can you import the certificate in another user account too?

Thanks
 
metalmackey said:
So if I change my logon password all I do to access the data again is import the backed up certificate? Can you import the certificate in another user account too?

Thanks

If you Ctrl+Alt+Del and change your password I'm pretty sure that won't clear your certificates, but if you do a password reset, or the OS crashes and you need to reinstall, then you will need to import the certs again. I am almost certain you can import the certs into another account.
 
I came across this about the XP EFS.
For obvious reasons, we won’t mention its greatest flaw. Suffice it to say that an unauthorised user equipped with a small screwdriver should never be allowed anywhere near the computer.
So what is this flaw?
 
Indeed. If any tom, dick, or hacker can carry away your PC (or parts thereof), then you may as well forget about security completely.
 
Yes but in theory, if they had the whole PC, they could crack your user account password, log on, and then simply decrypt the files. That's if you've not set it up securely.
 
use 8 character passwords with a mixture of capital letters, numbers and non alphabetical or numeric characters..

ie..

0v3rc/ocK

it's a bit OTT for home use.. but is very secure, a lot better than using a password like 'windows'

set screensaver to 1 min, and to require password upon closing screensaver (blank screensaver is good to use, because it switches back to login really quickly)

don't have autologin enabled
 
oddjob62 said:
Also you could disable LM Hash. That would make it a lot harder to brute force crack your password.

I just looked up how to do this. I already had a nolmhash in my reg which I set to 1 and rebooted. Does it matter the reg key is called nolmhash and not NoLMHash as it said in the guide?
 