Horseman Number 3: Osama Used 40 bits

Alan Ramsbottom alancr at ntlworld.com
Tue Jan 22 07:15:15 EST 2002


From: "Stef Caunter" <stefan.caunter at senecac.on.ca>

> An attacker with floppy boot access to a Win2K system would get reverse
> access to that machine's encrypted files only if the recovery cert for
> the domain was locally available (unlikely), or if the machine was not
> part of a domain.

In the two years or so since that EFS attack surfaced, I don't recall ever
seeing anyone ask *why* you get access in the stand-alone case.

The theory says a private key is encrypted under a random account 'master
key' which in turn is encrypted under a key derived from account credentials
(password and SID). Since the floppy-based chntpw program works by simply
overwriting an account's password hash, any subsequent attempt to access a
private key should fail.

It works because the protected storage service can't handle password resets
when they are performed via a different (administrative) account, so it
maintains a second copy of each account's master key to recover from such
events. I believe the second copy is encrypted under some system secret (in
a domain this secret lives on the domain controller), but information about
this Win2K feature is scarce or opaque.

The documentation for WinXP implies this has changed, i.e. there is no
automagic recovery of an account's master key if the password is reset via
another account. However there is a suggested recovery method that uses the
umm.. innovative Password Reset Disk.

-Alan-
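A toy model of the key hierarchy the message describes, added here as an illustration; it is neither Alan's code nor Microsoft's implementation. The KDF, the wrap construction, the SID string and the system secret are constructed stand-ins, chosen only to show why an offline hash overwrite breaks the credential path while a second, system-wrapped copy of the master key restores access.

```python
import hashlib, hmac, os

def credential_key(password, sid):
    # Key derived from account credentials (password + SID), as the post describes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), sid.encode(), 100_000)

def wrap(key, data):
    # Toy authenticated wrap for 32-byte secrets: HMAC-derived keystream XOR plus
    # an HMAC tag. Stands in for the real cipher; not for use outside this model.
    stream = hmac.new(key, b"stream", "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return hmac.new(key, ct, "sha256").digest() + ct

def unwrap(key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None  # wrong key: tag check fails, nothing is recovered
    stream = hmac.new(key, b"stream", "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

class Account:
    def __init__(self, sid, password, system_secret):
        self.sid = sid
        self.stored_hash = hashlib.sha256(password.encode()).digest()  # SAM hash stand-in
        master = os.urandom(32)                       # random per-account master key
        self.private_key = os.urandom(32)             # EFS private key (constructed value)
        self.wrapped_key = wrap(master, self.private_key)
        self.user_copy = wrap(credential_key(password, sid), master)
        self.backup_copy = wrap(system_secret, master)  # second copy, Win2K-style

def reset_password_offline(acct, new_password):
    # chntpw-style reset: only the stored hash is overwritten; the SID and the
    # credential-wrapped copy of the master key are untouched.
    acct.stored_hash = hashlib.sha256(new_password.encode()).digest()

def open_private_key(acct, password, system_secret=None):
    # Logon check, then walk the key hierarchy; fall back to the backup copy
    # only when the caller can present the system secret (absent in the XP case).
    if acct.stored_hash != hashlib.sha256(password.encode()).digest():
        return None
    master = unwrap(credential_key(password, acct.sid), acct.user_copy)
    if master is None and system_secret is not None:
        master = unwrap(system_secret, acct.backup_copy)
    return None if master is None else unwrap(master, acct.wrapped_key)
```

Calling `open_private_key` with the reset password and no system secret models the WinXP behaviour the post mentions (no automatic recovery); passing the system secret models the Win2K stand-alone case.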

---------------------------------------------------------------------
The Cryptography Mailing List