Windows 7 - Encrypting File System

Right, after a lot of research I feel Windows EFS is what I want. Thanks for the information to everyone that posted in this thread.

I do however have one more question. You suggested backing up the certificates; is this so I can still read the files if Windows gets corrupted? Like just install another Windows installation on top with the same username and password and restore the certificates?
 
So you will ONLY need those certificates to recover the data...correct?

Yes, but keep in mind that the need for recovery may well be higher with EFS than other systems.

For example, don't know if this is still the case (hopefully not!) but when you used to change your Windows password you were screwed because the private key was encrypted with the Windows logon password and changing it fubared the system.

So err on the side of caution and back up the certs safely ;)
 

I believe this is still the case (according to the research I have done). But let's say I did change my password, so long as I had those backup security certificates, I can still access the files...right?
 
Surely then it's the certificate files that are the key to the encrypted files and not your Windows password?

Would that be correct?

Or is it the case that the certificate files are encrypted USING your Windows password, and when you export them for backup, you are exporting an UNENCRYPTED version?
 

Correct.

Just follow something like this: http://www.pctipsbox.com/back-up-encrypting-file-system-efs-certificate/. The export wizard lets you protect (encrypt) the certs with a new password during backup. Just remember that so long as you are logged into the box the certs are decrypted; otherwise they are, as you said, protected by the Windows password.
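
The password-protected export described in the post above can also be scripted. The PowerShell below is an added example, not part of the original posts and not the linked guide's method: it uses .NET certificate classes instead of the export wizard, and the output folder name is an assumption.

```powershell
# Added example: back up the current user's EFS certificate(s), including the
# private key, to PFX files protected by a NEW password (not the logon password).
$EfsOid  = '1.3.6.1.4.1.311.10.3.4'                  # "Encrypting File System" EKU
$OutDir  = Join-Path $env:USERPROFILE 'efs-backup'   # assumed destination folder
$X509    = 'System.Security.Cryptography.X509Certificates'
$PfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$secure = Read-Host 'New password for the PFX backup' -AsSecureString

# Select certificates in the personal store whose EKU list contains the EFS OID.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $isEfs = $false
    foreach ($ext in $_.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $EfsOid) { $isEfs = $true }
            }
        }
    }
    $isEfs
}
if (-not $efsCerts) { Write-Warning 'No EFS certificate found for this user.' }

foreach ($cert in $efsCerts) {
    # Without the private key the backup cannot decrypt anything.
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$($cert.Thumbprint): no private key in this profile, skipped"
        continue
    }
    $path = Join-Path $OutDir "efs-$($cert.Thumbprint).pfx"
    try {
        # Export() throws if the key was created as non-exportable.
        [System.IO.File]::WriteAllBytes($path, $cert.Export($PfxType, $secure))
    } catch {
        Write-Warning "$($cert.Thumbprint): export failed: $($_.Exception.Message)"
        continue
    }
    # Re-open the file with the new password to prove the backup is usable.
    $check = New-Object "$X509.X509Certificate2" -ArgumentList $path, $secure
    if ($check.HasPrivateKey -and $check.Thumbprint -eq $cert.Thumbprint) {
        Write-Host "Verified backup: $path"
    } else {
        Write-Warning "Backup at $path did not verify; do not rely on it."
    }
    $check.Reset()   # release the copy loaded for verification
}
```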
 

Great, thanks for your help.

Surely if you are logged in using TrueCrypt you get the same "security risk"? Non?

I will just back up the certificates and archive them with 7z + passworded AES256 encryption.
 
When you do a full disk encryption with TrueCrypt it is true that if you leave your PC logged on then someone could potentially get your data. However, if you bothered to encrypt in the first place one would think you wouldn't be daft enough to leave your machine logged on.

If you had very sensitive data, you could use encrypted volumes, which you can mount and unmount as you need them. So even if the machine is running, they can't be accessed. Unless of course you are again silly enough to leave your machine logged on unattended AND have the encrypted volume open.

Any encryption on a system being used will require a certain amount of work from the user too! :)
 
For example, don't know if this is still the case (hopefully not!) but when you used to change your Windows password you were screwed because the private key was encrypted with the Windows logon password and changing it fubared the system.

There is a difference between changing your password and resetting it. If you change it, you are okay. If you reset it, you are not okay.
 