Solved

How safe is XP Pro encryption?

Posted on 2006-06-26
10
417 Views
Last Modified: 2010-04-11
I use XP Pro encryption.  I understand that it is near impossible to crack the encryption (would take decades with today's supercomputers).  Does anyone disagree and can provide credible links to support such a claim?
0
Question by:SAbboushi
10 Comments
 
LVL 3

Assisted Solution

by:GeneralMandible
GeneralMandible earned 150 total points
ID: 16989131
That depends...is LM caching turned on?  How long/complex is your password?  If you have the settings tweaked correctly, you would force someone to have to use a brute force attack in order to crack it.  There are all sorts of security sites out there to find good information on securing your files (cisecurity.org, us-cert.gov, etc.)  If you have a weak password and LM caching is turned on, it may only take a matter of minutes to crack the password.
0
 

Author Comment

by:SAbboushi
ID: 16989253
Hi GeneralMandible - thanks for your post.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nolmhash is set to dword:1

and

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel is set to dword:00000005 (Send NTLM response only)

Password is 10 characters upper/lower case & symbols
0
 
LVL 38

Accepted Solution

by:Rich Rumble
Rich Rumble earned 350 total points
ID: 16989566
Still, with rainbow tables the password can be found in a few hours; there are sites dedicated to sharing their tables, and NTLM isn't up to today's standards (Blowfish, AES, etc.).
Even worse, no one has to crack the password to get into your files. If they have physical access to the machine, all you have to do is reset the password using any of the many tools available for offline password resets. The SAM hashes can also be replaced using known passwords in the same way, and Syskey is not a factor when the kernel isn't running. Windows still stores the NTLM hash in the SAM, and there are other stored credentials on XP that can lead to the password compromise: http://www.oxid.it/ca_um/topics/mscache_hashes_dumper.htm http://www.oxid.it/ca_um/

The best way to secure your EFS is to export the decryption keys, so that no keylogger or possible password compromise is a factor. EFS access is credential based, not password based, so you must simply successfully auth the username and have the proper decryption keys also. There is also a plain-text recovery that is possible with physical access: EFS stores a plain-text copy of the file/folder it's encrypting, then "deletes" it.
http://seclists.org/lists/bugtraq/2001/Jan/0336.html 

EFS is secure, you just need to do a lot of work to get it that way, and keep it that way http://support.microsoft.com/kb/223316/en-us
-rich
0

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16992320
M$ has also noted the "admin reset" for a non-domain pc can allow EFS data to be compromised:
http://www.microsoft.com/technet/archive/security/news/efs.mspx (still applies to XP/2003)
-rich
0
 
LVL 3

Expert Comment

by:GeneralMandible
ID: 16996669
Using NTLMv2 is the recommended setting.  Also, using a PW that is 15 characters or more prevents the effectiveness of rainbow tables.  Another thing you can incorporate into the PW to make it stronger is using one or more ALT characters (holding down ALT and typing in a three digit number in the num pad).

If you're really worried about this data, you need to physically secure it also.  That means preventing people from getting to the device that it is stored on.

Another thing you can use is PGP or GPG.  GPG is the completely free version.
Here's info about it:
http://aplawrence.com/Basics/gpg.html

Here's the GPG site:
http://www.gnupg.org/(en)/index.html

If you want to have more fun with encryption, you can use some Stego.  People can see encrypted files from a mile away.  It's like having a big safe in your living room.  They know you must have something of value in there.  With stego, you can hide files within another file & use encryption.  Now you've taken the safe and put it into the wall and hung a picture in front of it.  People would really have to look for it.  Just make sure the files that are masking your info fit your profile.  They have to look like something you should have.  

No matter how secure it is electronically, you still need to secure it physically.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17000145
NTLMv2 doesn't help with physical access; the only hashes stored in the SAM are NTLM and LM. The author has turned off LM caching. Alt codes really do help keep a pass from being bruteforced, but with physical access the hacker is going to reset the pass anyway and not have to try BF. There are also several compatibility issues with alt codes: you can't send them over HTTP, such as when using VNC through a browser, or when trying to log on to Outlook/Exchange OWA sites.  Physically securing the encryption keys is very effective. Keeping them on the PC is like sticking an extra house key under the door mat; it's there for anyone to retrieve. The encryption keys should be exported, backed up, and kept secure.

PGP/GPG are great, as are programs like TrueCrypt and Steganos Security Suite; the latter two use steganography to hide the data archives to give you the added benefit of plausible deniability.
To answer the author's question, EFS can be secure, but it takes more work than other products need right out of the box.
-rich
0
 
LVL 1

Expert Comment

by:BooneSaysHi
ID: 17005656
If you are looking to protect your data files in the event that the machine is stolen then check out http://www.dekart.com/ they provide a software package that creates a virtual disk drive encrypted using AES encryption that is independent of the OS.  As a previous poster pointed out: XP encryption is worthless if the attacker has physical access to the machine.  This software will protect the files.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17006347
TrueCrypt has similar features to the above. XP's offering can be secured, again it takes more effort than most other offerings.
-rich
0
 

Author Comment

by:SAbboushi
ID: 17161862
Hi guys - thanks for the posts.  Sorry I disappeared for awhile - my dad died...

Richrumble and BooneSaysHi - I appreciate the recommendations for other solutions, but that is not what I was looking for.
0
