Berkeley CSUA MOTD:Entry 35767

2005/1/18-19 [Computer/SW/OS/Windows, Computer/SW/Security] UID:35767 Activity:nil
1/18    WinXP question. Let's say I have a backup folder, encrypted using
        EFS. Then I back up my private keys using "cipher /x:keys".
        Then one day my computer crashes and I'd like to read the
        backup folder. How do I export the keys to a newly installed
        WinXP so that it'll read the encrypted files? ok thx.
        \_ I believe all you need is to attach the hard drive to another
           computer (via IDE or external drive) and log in with the same
           username and password, and the files will magically decrypt
           as you open them.
           If you want to access the files with another username, there
           are steps in the link (search for "import your keys"), but it
           sounds complicated.
           http://www.microsoft.com/technet/security/topics/crypto/efs.mspx

Cache (8192 bytes)
www.microsoft.com/technet/security/topics/crypto/efs.mspx
Summary
An Overview of the Encrypting File System
The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000, Windows XP Professional, and Windows Server 2003. Any individual or program that doesn't possess the appropriate cryptographic key cannot read the encrypted data. Encrypted files can be protected even from those who gain physical possession of the computer that the files reside on. Even persons who are authorized to access the computer and its file system cannot view the data. While other defensive strategies should be used, and encryption isn't the correct countermeasure for every threat, encryption is a powerful addition to any defensive strategy. EFS is the built-in file encryption tool for Windows file systems.
However, every defensive weapon, if used incorrectly, carries the potential for harm. EFS must be understood, implemented appropriately, and managed effectively to ensure that your experience, the experience of those to whom you provide support, and the data you wish to protect aren't harmed. This document will: Provide an overview and pointers to resources on EFS. Name the dangers and counsel mitigation and prevention from harm.
The major sources of information are the Microsoft resource kits, product documentation, white papers, and Knowledge Base articles. This paper provides a brief overview of major EFS issues. Wherever possible, it doesn't rework existing documentation; In short, it maps the list of desired knowledge and instruction to the actual documents where they can be found. In addition, the paper catalogs the key elements of large documents so that you'll be able to find the information you need without having to work your way through hundreds of pages of information each time you have a new question.
However, using EFS without knowledge of best practices and without understanding recovery processes can give you a mistaken sense of security, as your files might not be encrypted when you think they are, or you might enable unauthorized access by having a weak password or having made the password available to others. It might also result in a loss of data, if proper recovery steps aren't taken. Therefore, before using EFS you should read the information links in the section "Misuse and Abuse of EFS and How to Avoid Data Loss or Exposure." The knowledge in this section warns you where lack of proper recovery operations or misunderstanding can cause your data to be unnecessarily exposed. To implement a secure and recoverable EFS policy, you should have a more comprehensive understanding of EFS.
What EFS Is
You can use EFS to encrypt files stored in the file system of Windows 2000, Windows XP Professional, and Windows Server 2003 computers. EFS isn't designed to protect data while it's transferred from one system to another. EFS uses symmetric (one key is used to encrypt the files) and asymmetric (two keys are used to protect the encryption key) cryptography. Understanding both of these topics will assist you in understanding EFS.
A solid overview of EFS and a comprehensive collection of information on EFS in Windows 2000 are published in the Distributed Systems Guide of the Windows 2000 Server Resource Kit. mspx) details Windows XP and Windows Server 2003 modifications. The section below, "Key Differences between EFS on Windows 2000, Windows XP, and Windows Server 2003," summarizes these differences.
The following are important basic facts about EFS:
EFS encryption doesn't occur at the application level but rather at the file-system level; therefore, the encryption and decryption process is transparent to the user and to the application. If a folder is marked for encryption, every file created in or moved to the folder will be encrypted.
Applications don't have to understand EFS or manage EFS-encrypted files any differently than unencrypted files. If a user attempts to open a file and possesses the key to do so, the file opens without additional effort on the user's part. If the user doesn't possess the key, they receive an "Access denied" error message.
File encryption uses a symmetric key, which is then itself encrypted with the public key of a public key encryption pair. The related private key must be available in order for the file to be decrypted. This key pair is bound to a user identity and made available to the user who has possession of the user ID and password. If the private key is damaged or missing, even the user that encrypted the file cannot decrypt it. If a recovery agent exists, then the file may be recoverable. If key archival has been implemented, then the key may be recovered, and the file decrypted. EFS is an excellent file encryption system; there is no "back door."
File encryption keys can be archived (e.g. exported to a floppy disk) and kept in a safe place to ensure recovery should keys become damaged.
Any user who can obtain the user ID and password can log on as that user and decrypt that user's files. Therefore, a strong password policy as well as strong user education must be a component of each organization's security practices to ensure the protection of EFS-encrypted files.
EFS-encrypted files don't remain encrypted during transport if saved to or opened from a folder on a remote server. The file is decrypted, traverses the network in plaintext, and, if saved to a folder on the local drive that's marked for encryption, is encrypted locally. EFS-encrypted files can remain encrypted while traversing the network if they're being saved to a Web folder using WebDAV. This method of remote storage isn't available for Windows 2000.
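
The key relationships in the basic facts above, modelled as an added example (not code from the cached page or from Microsoft): a random per-file key encrypts the data and is wrapped once for the user and once for a recovery agent. The toy RSA built from Mersenne primes, the SHA-256 keystream, the HMAC check and every name here are assumptions chosen so the model runs on the standard library; they are not the algorithms EFS uses.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by all toy key pairs

def keypair(a, b):
    """Toy RSA pair from the Mersenne primes 2**a-1 and 2**b-1 (constructed;
    textbook RSA without padding, for illustration only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def stream_xor(key, data):
    """Stand-in for the symmetric file cipher: SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, recipients):
    """Encrypt under a random file key, then wrap that key once per
    recipient public modulus (the user and, optionally, a recovery agent)."""
    fek = secrets.token_bytes(32)
    data = stream_xor(fek, plaintext)
    return {"data": data,
            "tag": hmac.new(fek, data, "sha256").digest(),
            "wrapped": {name: pow(int.from_bytes(fek, "big"), E, key["n"])
                        for name, key in recipients.items()}}

def decrypt_file(blob, slot, priv):
    """Unwrap the file key with a private key; the wrong key is rejected."""
    size = (priv["n"].bit_length() + 7) // 8
    raw = pow(blob["wrapped"][slot], priv["d"], priv["n"])
    fek = raw.to_bytes(size, "big")[-32:]
    tag = hmac.new(fek, blob["data"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise PermissionError("Access denied")
    return stream_xor(fek, blob["data"])

def scenario():
    user, agent = keypair(521, 607), keypair(127, 1279)
    blob = encrypt_file(b"backup folder contents", {"user": user, "agent": agent})
    archived = dict(user)             # stands in for an archived copy of the key
    different = keypair(107, 2203)    # any key pair other than the original
    results = {}
    for label, slot, key in [("original", "user", user), ("different_key", "user", different),
                             ("archived", "user", archived), ("recovery_agent", "agent", agent)]:
        try:
            results[label] = decrypt_file(blob, slot, key)
        except PermissionError as err:
            results[label] = str(err)
    return results
```
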
Basic How-tos
How to Encrypt and Decrypt Files, Recover Encrypted Files, Archive Keys, Manage Certificates, Back Up Files; and Disable EFS
EFS functionality is straightforward, and you can find step-by-step instructions in many documents online. Links to specific articles for each possible EFS function, as well as some documents which summarize multiple functionality, follow. If the document is a Knowledge Base article, the Knowledge Base number appears in parentheses after the article title.
Encrypting and Decrypting
The process of encrypting and decrypting files is very straightforward, but it's important to decide what to encrypt and to note differences in EFS based on the operating system.
Encrypting Files in Windows 2000" (222054) explains setting folder encryption. Remember, once a folder is marked for encryption, it isn't necessary to manually mark for encryption the files placed within it.
"HOW TO: Remove File Encryption in Windows XP" (308993) tells how to decrypt a file by removing the file encryption property.
Sharing Encrypted Files
The GUI for sharing encrypted files is available only in Windows XP and Windows Server 2003.
Planning for and Recovering Encrypted Files: Recovery Policy
A recovery policy can be an organization's security policy instituted to plan for proper recovery of encrypted files. It's also the policy enforced by Local Security Policy Public Key Policy or Group Policy Public Key Policy. In the latter, the recovery policy specifies how encrypted files may be recovered should the user private key be damaged or lost and the encrypted file unharmed. Recovery can be either data recovery (Windows 2000, Windows XP Professional, and Windows Server 2003) or key recovery (Windows Server 2003 with Certificate Services). Windows 2000 EFS requires the presence of a recovery agent (no recovery agent, no file encryption), but Windows XP and Windows Server 2003 don't.
By default, Windows 2000 and Windows Server 2003 have default recovery agents assigned. The user account bound to the recovery agent certificate is used to decrypt the file. The file should then be delivered in a secure manner to the file owner, who may then encrypt the file. Recovery via automatically archived keys is available only with Windows Server 2003 Certificate Services. Additional configuration beyond the installation of Certificate Services is required. In either case, it's most important that a written policy and procedures for recovery ar...