Win XP built in file encryption - few questions

Golden Ape · 5 Feb 2006 at 17:09

I'm just wondering whether anyone uses this and what your thoughts about it are. Basically I'm looking for something to protect files on a laptop against oportunistic theives - i.e. if someone nicks my machine I don't want to be handing them all my bank account details, that sort of stuff. I'm not looking for the sort of tool that could protect me from the FBI or something.

One thing I'm slightly worried about is backup up of keys. I've kind of heard about this and have a rough idea of what it is and how it works (basically a way of getting your files back if windows screws up and you need to reinstal). Is it practical though? I wonder if I'd back up the keys, lose the backup and then have XP crash?

While I'm at it - backing up encrypted files - how does that work? Presumably the built in encryption works at the level of the file system so as soon as a file is backup to a new location it's no longer protected?

So what I guess I'm asking is - what would you do? Are there any better (free/cheap) solutions out there?

Thanks

i know nothing · 5 Feb 2006 at 21:19

I Use Cryptus4us, free and written by a frog who hates the Yanks and doesn't trust them!

I did have my entire hard disk encrypted, it screwed up and I lost everything, couldn't get back in even with the emergency disk, never again :-(

Golden Ape · 6 Feb 2006 at 11:43

Ah thanks - that's the sort of thing that I really want to avoid!

Mattus · 6 Feb 2006 at 17:51

BestCrypt is a very good program, although not free.

|Ric| · 6 Feb 2006 at 19:52

well after my operating systems lecture today I wouldn't use the built in encryption. It is apparently quite easy to find out the private key and if you login as the administrator account you can ignore it

Golden Ape · 7 Feb 2006 at 09:51

|Ric| really? I'd thought that it was really quite difficult to get at encyrpted files (assuming you didn't know the admin password)? I guess I'm partly basing this experience of posts on these forums - people loose access to their account, haven't backed up the encyrption key and pretty much can never get their files back. I've a vague recollection that something has changed since XP (or perhapse service pack 1 or 2) that means even if you reset the admin password and can access the admin account you still can't access files that were encrypted under previous password.

Mind you, I'm by no means an expert on any of this stuff!

|Ric| · 7 Feb 2006 at 15:27

I have never really looked at this in great detail I merely noticed your post as I came out of the lecture where I had just been told how rubbish it was

My only experience is that if you reset a password through the management console it warns you that you lose access to certain files - which I assume it means the encrypted files

Perhaps it is time for me to do some further reading and find out exactly

|Ric| · 7 Feb 2006 at 17:50

Right perhaps XP encryption isn't all that bad. I clearly wasn't concentrating on my lecture

As far as I can see the way to bypass the encryption is that an Administrator can simply reset a users password (the user who encrypted the files), login as the user and then the files are viewable.
If the machine is on a domain there is another process for recovering files that are encrypted but for machines not on a domain this does not seem to be used (certainly as default)
I don't know where this leaves you if someone was to try and fiddle with your SAM file (where the account passwords are stored) as this may result in changing the encryption key - making the files unreadable by everyone

The main weakness in the encryption is that at the end of the day all the required information for decyrpting and encrypting is all stored on the hard disk. So this could mean the encryption can be removed. The encryption can't be that strong either as the overhead for viewing files would be too high.
So I don't know how long it would take but it is seemingly possible.

Last point, there does appear to be software out there that will recover files that have been encrypted produced by companies that do undelete software. How effective they are again I don't know

Golden Ape · 7 Feb 2006 at 19:00

Ah interesting, thanks for that. Sounds like NT encryption is good enought for my needs - that is, if I can be trusted to keep a safe back up of my keys!