Solved

How do I determine the method of encryption?

Posted on 2006-11-02
Last Modified: 2013-12-04
I have enabled EFS. When I encrypt a file, it turns green. How do I determine which version of encryption it is using? I want to use 3DES and have made the registry change, but it could also be using DESX and I wouldn't know the difference. Is there some way to tell the difference between 128 bit vs 256 bit and DESX vs 3DES?
Question by:shakdk
11 Comments
 

Author Comment

by:shakdk
ID: 17863291
further info...
This is on a WinXP, SP2 workstation.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17863486
There is a header that tells what it is. I've never looked that closely or changed the defaults, so I'm not sure what to look for... but by default, XP SP1 and greater is AES; using anything other than AES, you're stepping backward in encryption strength.
http://support.microsoft.com/kb/329741
http://technet2.microsoft.com/WindowsServer/en/library/997fdd99-73ec-4041-9cf4-1370739a59201033.mspx?mfr=true
DESX was used in win2k, 3DES was XP, and AES is XP SP1 and 2003's default. I've moved files between older OS's and the newer OS can read them fine, however, files created on newer OS's using AES cannot be moved to the older OS, but I haven't tried this lately... maybe you can now.
-rich
0
 

Author Comment

by:shakdk
ID: 17863545
I guess this is the information I needed.

1. Decrypt all the EFS encrypted files in Windows XP SP1.
2. On the Windows XP SP1-based workstation, start Registry Editor.
3. Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS
4. On the Edit menu, click Add Value, and then add the following registry value:
Value name: AlgorithmID
Data type: REG_DWORD
Radix: Hexadecimal
Value data: Use any of the values from the following list:
• 3DES: 0x6603 (This value is compatible with Windows XP and later.)
• DESX: 0x6604 (This value is compatible with all versions of Windows 2000 and Windows XP.)
• AES_256: 0x6610 (This is the default value. It is compatible with only Windows XP SP1 and later.)
 
5. Quit Registry Editor.
6. Restart the Windows XP SP1-based workstation.
7. Encrypt the files again using either operating system.

But I would still like to find out what version of encryption it's using. I changed my registry entry to 6610, so I'm assuming that it's now using AES_256. Funny that by default there is no entry called AlgorithmID, so I can't confirm the level of encryption before making the registry edit above.

Anyone else know what to look for in the header?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17863832
When XP is upgraded to SP2, AES is the default. 2003 is AES by default, because the EFS files are updated. Creating the registry key is a way to force a certain encryption level in case there are older systems that need this info. EFSinfo (or the details under advanced properties) can give you some additional info on the EFS file, but if you view the cert EFS is using, it does not say what algo is being used for the file. This is the best I can do...
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsck_efs_duwf.mspx?mfr=true

http://technet2.microsoft.com/WindowsServer/en/library/fc339cb3-5c17-43e6-9e48-7cf72a761bbf1033.mspx?mfr=true
3DES algorithm support
Windows XP Professional can be configured to use the triple-DES (3DES) algorithm instead of DESX. 3DES, which is compliant with Federal Information Processing Standards (FIPS 140-1 Level 1), offers significantly stronger encryption using a 128-bit or 168-bit key.
3DES is enabled through a Group Policy setting.
Note When 3DES is enabled, it is used as the encryption algorithm for IP Security as well as for EFS. For more information about configuring 3DES support, see “Enabling 3DES” later in this chapter.
When 3DES is enabled, all new encryptions are completed by using 3DES. Note that DESX and 3DES are always available for decryption, regardless of the encryption policy.
Note As of Service Pack 1 for Windows XP, the Advanced Encryption Standard (AES) algorithm is used by default for encrypting files with EFS. For more information, see article 329741, “EFS Files Appear Corrupted When You Open Them,” in the Microsoft Knowledge Base at http://support.microsoft.com.
-rich
0
 
LVL 3

Expert Comment

by:Stekman99
ID: 17867885
Check this one:

Best practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
0

 

Author Comment

by:shakdk
ID: 17868486
You mention that my version of Windows XP Pro SP2 should be using AES by default. Which flavor of AES should it be using? I show that there are three flavors.

AES-128, AES-192, AES-256

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/aes_provider_algorithms.asp

0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17868536
It's 256.
Look for the heading: Default Encryption Algorithms
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
The default algorithm for Windows XP Service Pack 1 and Windows Server 2003 is Advanced Encryption Standard (AES) using a 256-bit key. For users requiring greater symmetric key strength with a FIPS 140-1 compliant algorithm, the 3DES algorithm can be enabled.

EFS is a lost cause, I feel. I prefer TrueCrypt; it's secure out of the box, and you don't have to do 10 steps to make sure it's secured as you do with EFS, see Stekman99's link.
-rich
0
 

Author Comment

by:shakdk
ID: 17869459
Okay, so what's better, AES-256 or 3DES? In your first message you said "anything other than AES you're stepping backward in encryption strength." Then in your last post you said "The default algorithm for Windows XP Service Pack 1 and Windows Server 2003 is Advanced Encryption Standard (AES) using a 256-bit key. For users requiring greater symmetric key strength with a FIPS 140-1 compliant algorithm, the 3DES algorithm can be enabled."

I'm not trying to pick on you for what you said because I know these are pasted from other written documents on EFS. I just need to know which is stronger and/or more secure, 'cause other than knowing the more bits the better, I really don't know, nor have I seen a chart listing them in order of strength/security.

Thanks!
Dave
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 17869657
I see that now... here is a clarification: http://support.microsoft.com/kb/811833 (the article above, I think, misstated its case)
Encrypting File System (EFS) is also affected by this setting. By default, Windows XP uses the Data Encryption Standard (DESX) algorithm with a 56-bit key length. If the Windows high encryption pack is installed, the key length for this algorithm is Triple-DES (3DES) or 128 bits. By default, on Windows XP Service Pack 1 (SP1)-based and Windows Server 2003-based computers, EFS uses the Advanced Encryption Standard (AES) algorithm with a 256-bit key length. However, if you enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting on these computers, the operating system will use 3DES with a 128-bit key length instead.
AES-256 is without question stronger than 3DES-128... but AES isn't listed as a FIPS-1 algo http://en.wikipedia.org/wiki/FIPS_140 (AES is a FIPS 140-2 approved algo, 140-1 came out before AES was created/released)
-rich
0
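An added example, not part of the thread: a small parser for `reg query` output that reports which algorithm EFS is configured to use for new encryptions, combining the AlgorithmID values from the KB steps with the FIPS setting described in the accepted answer. It does not read the header of an existing file. Assumptions not stated in the thread: the FIPS policy is read from a `fipsalgorithmpolicy` DWORD under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, and an enabled FIPS policy is treated as taking precedence over AlgorithmID.

```python
import re

# AlgorithmID values quoted in the thread (from the Microsoft KB steps).
ALGORITHMS = {0x6603: "3DES", 0x6604: "DESX", 0x6610: "AES_256"}
# One value line of `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")

# Constructed sample `reg query` output (not captured from a real machine).
SAMPLE_EFS = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS
    AlgorithmID    REG_DWORD    0x6603
"""
SAMPLE_FIPS = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    fipsalgorithmpolicy    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Return {lowercased value name: int} for REG_DWORD lines in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(2) == "REG_DWORD":
            values[m.group(1).lower()] = int(m.group(3), 16)
    return values

def effective_efs_algorithm(efs_output, fips_output=""):
    """Return (algorithm, reason) for new EFS encryptions on XP SP1 or later."""
    efs = parse_reg_query(efs_output)
    fips = parse_reg_query(fips_output)
    # Accepted answer: with the FIPS setting enabled the OS uses 3DES.
    # Assumption: this takes precedence over an explicit AlgorithmID.
    if fips.get("fipsalgorithmpolicy", 0) == 1:
        return ("3DES", "FIPS policy enabled")
    if "algorithmid" not in efs:
        # No AlgorithmID value exists by default; the OS default applies.
        return ("AES_256", "default, no AlgorithmID value")
    alg_id = efs["algorithmid"]
    name = ALGORITHMS.get(alg_id)
    if name is None:
        return ("UNKNOWN", "unrecognized AlgorithmID 0x%04x" % alg_id)
    return (name, "AlgorithmID 0x%04x" % alg_id)

if __name__ == "__main__":
    print(effective_efs_algorithm(SAMPLE_EFS, SAMPLE_FIPS))
```

Feed it the text produced by `reg query` against the EFS key from step 3 and, optionally, the Lsa key; an empty EFS result corresponds to the "no entry called AlgorithmID" case the asker observed.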
 

Author Comment

by:shakdk
ID: 17882584
I believe I need to use FIPS 140-2, so I can go with the default Windows XP Pro SP2 algo. How do I verify that I have the high encryption pack installed, or do I even need it?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17882857
It's installed by default on XP I believe, it was an upgrade/patch for win2k and nt4, the latest SP's of those OS's will have that patch.  Only win2k and nt4 should need it installed, but if they have the latest SP it's installed.
-rich
0
