Encrypting File System

The Encrypting File System (EFS) is a file system with filesystem-level encryption available in Microsoft's Windows 2000 and later operating systems. The technology transparently allows files to be stored encrypted on NTFS file systems to protect confidential data from attackers with physical access to the computer.


User authentication and access control lists can protect files from unauthorized access while the operating system is running, but are easily circumvented if an attacker gains physical access to the computer. A solution is to store the files encrypted on the disks of the computer. EFS does this using public key cryptography, and aims to ensure that decrypting the files is practically impossible without the correct key. However, EFS does not prevent brute-force attacks against the user account passwords. In other words, file encryption doesn't provide much protection if the account password is easily guessed.


Operation

Files and folders that are to be encrypted by the file system must be marked with an encryption attribute. As with file permissions in NTFS, if a folder is marked for encryption, then by default all files and subfolders that exist in the folder are also encrypted. When files are copied to another volume that is formatted with another file system (for instance, FAT32), then the files and/or folders are decrypted before copying them over to that file system. The only exception is when files are backed up, in which case the files are not decrypted.

[Figure: EFS operation scheme]


EFS works by encrypting a file with a bulk symmetric key (also known as the File Encryption Key, or FEK), which is used because it takes a relatively smaller amount of time to encrypt and decrypt large amounts of data than if an asymmetric key cipher is used. The symmetric key that is used to encrypt the file is then encrypted with a public key that is associated with the user who encrypted the file, and this encrypted data is stored in the header of the encrypted file. To decrypt the file, the file system uses the private key of the user to decrypt the symmetric key that is stored in the file header. It then uses the symmetric key to decrypt the file. Because this is done at the file system level, it is transparent to the user.
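As an added example (not part of the original article and not Microsoft's implementation), the hybrid scheme above in Python: a random FEK encrypts the file body, and the header stores one copy of the FEK encrypted to each key holder's public key, one for the user and, as the Security section describes, one for a recovery agent, who can therefore decrypt the file without the user's private key. Assumptions: toy RSA on hard-coded Mersenne primes and a SHA-256 keystream stand in for the real RSA and DESX/3DES/AES algorithms, and efs_encrypt, efs_decrypt and add_key_holder are hypothetical names.

```python
import hashlib
import os

# Toy RSA on known Mersenne primes (no prime generator needed). Constructed for
# illustration only: real EFS uses full-size RSA keys with proper padding.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # (public, private)

def rsa(msg_int, key):
    exp, n = key
    return pow(msg_int, exp, n)

def keystream_xor(fek, data):
    # Toy stream cipher standing in for the bulk cipher (DESX/3DES/AES in EFS):
    # keystream block i = SHA-256(FEK || i). XOR is its own inverse, so the
    # same function both encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(fek + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def efs_encrypt(plaintext, holders):
    """holders: {name: public_key}. Returns the 'file': header + ciphertext.
    The header carries one encrypted copy of the FEK per holder (the DDF/DRF
    entries of a real EFS file): the user, and any recovery agent."""
    fek = os.urandom(8)                       # toy FEK: 64 bits, < every toy modulus
    fek_int = int.from_bytes(fek, "big")
    header = {name: rsa(fek_int, pub) for name, pub in holders.items()}
    return {"header": header, "body": keystream_xor(fek, plaintext)}

def efs_decrypt(container, name, private_key):
    # Only a holder whose private key matches a header entry recovers the FEK.
    fek = rsa(container["header"][name], private_key).to_bytes(8, "big")
    return keystream_xor(fek, container["body"])

def add_key_holder(container, name, private_key, new_name, new_public):
    """Re-encrypt the FEK to another public key, as happens when a recovery
    agent is configured: it needs an existing holder's private key, which is
    why a newly added agent only gains access once the user signs in."""
    fek_int = rsa(container["header"][name], private_key)
    container["header"][new_name] = rsa(fek_int, new_public)
    return container
```

The two Mersenne-prime key pairs in the test below are deliberately tiny; the point is the header structure, not the key strength.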


Starting with Windows Vista, a user's private key can be stored on a smart card. Windows domain recovery keys can also be stored on an administrator's smart card.[1]


Security

There are two important security holes in Windows 2000 EFS.


Decrypting files using the administrator login

In Windows 2000, the administrator is by default the recovery agent, capable of decrypting all files encrypted with EFS. Windows 2000 cannot function without a recovery agent, so there is always someone who can decrypt the users' encrypted files. In Windows XP and later, there are no default recovery agents and no need to have one. Setting SYSKEY to mode 2 or higher (SYSKEY passphrase typed in during boot, or key stored on a floppy) prevents this attack, since the private keys are then stored in an encrypted SAM file that an attacker cannot decrypt without knowing the SYSKEY passphrase or key file.


Resetting of private key data

In Windows 2000, the private key is not stored in a truly encrypted form. If an attacker can get physical access to the computer and reset a user's passphrase (with, for example, third-party tools: see [1]), he can log in as that user (or as the recovery agent), gain access to the private key and decrypt all files. In Windows XP and later, the private key is encrypted using the hash of the user's passphrase and user name, so the private key cannot be recovered without knowing the user's passphrase. Again, setting SYSKEY to mode 2 or higher (SYSKEY passphrase typed in during boot, or key stored on a floppy) prevents this attack, since the private keys are then stored in an encrypted SAM file that an attacker cannot decrypt without knowing the SYSKEY passphrase or key file.


Other issues

Windows can store plaintext versions of user passphrases; by default it also stores passphrases as LM hashes, which can be attacked and broken relatively easily, and as NTLM hashes, which can be attacked using "rainbow tables". To defeat these attacks, Windows needs to be configured (through security policy) never to store or send LM/NTLM hashes or plaintext passwords, and, of course, automatic login (which stores the passphrase in the registry) must be turned off. Using passphrases over 14 characters long also prevents the LM hash from being recorded and makes attacks against the NTLM hash harder. Given that EFS uses Triple DES or AES to encrypt files, proper passphrase lengths (over 20 characters) should be used anyway.


When encrypting files with EFS, the plaintext files are not wiped, but simply deleted. This means that they can be easily recovered, unless they are overwritten. To properly use EFS, you should mark complete folders as EFS encrypted (so that all temporary files like Word document backups too are encrypted), and when you wish to encrypt particular files, copy them to that folder, and then securely wipe the plaintext versions. You can use Windows Cipher Utility to wipe files, folders or free space, or a third-party utility.


Anyone with administrator permissions can set himself as recovery agent. This is a very serious issue, since an attacker can simply break the administrator account (using third-party tools), set the administrator as recovery agent and wait. When users sign in, their private keys are automatically encrypted to the administrator's public key. The attacker then only needs to access the computer once more as administrator to gain full access to all EFS-encrypted files. Even SYSKEY mode 2 or 3 does not protect against this attack, because the attacker can bypass SYSKEY, gain administrator access, create new keys for the administrator, restore SYSKEY and wait for the user to sign in. Of course, if an attacker can gain physical access to the computer, all security features might be considered irrelevant, because he could also install rootkits, software or even hardware keyloggers and so on.


Recovery

Files encrypted with EFS can only be retrieved with the encryption keys, which are themselves encrypted with the login password. Accessing encrypted files from outside Windows, for example with Linux, is not possible. Using special programs to reset the login password also renders any encrypted file for that login inaccessible and thus useless.


See also

Cryptography portal
Filesystem-level encryption
Disk encryption
On-the-fly encryption (OTFE)
DPAPI

References

  1. Chris Corio (May 2006). "First Look: New Security Features in Windows Vista". TechNet Magazine. Microsoft. Retrieved 2006-11-06.


The Wikipedia article included on this page is licensed under the GFDL.