Horseman Number 3: Osama Used 40 bits

Stef Caunter stefan.caunter at senecac.on.ca
Sun Jan 20 23:18:00 EST 2002


----- Original Message -----
From: "Jon Simon" <jon at jonsimon.com>
To: <cryptography at wasabisystems.com>
Sent: Friday, January 18, 2002 8:00 PM
Subject: Re: Horseman Number 3: Osama Used 40 bits


> Can anyone else confirm or deny that this is the case?  If it is so,
> it would bring new meaning to the term "weak encryption."
> Thanks,
> Jon Simon


For Win2K, it seems that the local administrator is the "default recovery
agent" on that box; Microsoft EFS provides "built in data recovery"; this is
a policy which must be configured before EFS will be available to users; a
recovery certificate must exist; Microsoft recommends that it be removed
from the recovery agent's personal store and only installed in case of
necessity; it seems that there is no irreversible file encryption using
Microsoft EFS.

BTW their default strength is 56 bit DESX, upgradeable to 128 bit for North
America.

It is important to note that local settings are overridden by domain
settings on a correctly configured network. The NT change password utility
is AFAIK _not_ remotely exploitable; it provides write access to the SAM on
any locally mountable NTFS. An attacker with floppy boot access to a Win2K
system would get reverse access to that machine's encrypted files only if
the recovery cert for the domain was locally available (unlikely), or if the
machine was not part of a domain.

There is quite possibly a general backdoor to the Microsoft EFS about which
we do not know. The EFS is a deterrent to network interception or system
theft. Users should be under no delusion about EFS and file readability. A
bad guy might not be able to read your files, but the boss can.

BTW, with encrypted file systems on linux, CFS and Transparent CFS files
will not be readable by the sysadmin unless they run a sniffer or a
keylogger to grab the passwords protecting the user's key. AFAIK there is no
reversibility short of cryptanalysis with these utilities.

Stefan Caunter, MCSE


[Moderator's note: lots of trailing quoted material deleted. *Please*
trim your messages before posting. --Perry]


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list