"John Howie" <JHowie@securitytoolkit.com> writes: > Todd (and lists), > > You wrote: > > > > > This is not completely correct, and I wanted to clarify how an attack > > against a domain-member's EFS encrypted files can work. The threat > > model is this: > > > > It is important to distinguish between a weakness in EFS (there is none, > as described here) and the risk associated with using cached logon > credentials. I agree there's no bug here, if that's what you mean. Whether this is a 'weakness', risk, vulnerability, or whatever is mainly semantics. Let's just say it's a property of EFS that its encryption is no stronger than the user's password in the scenario I outlined. The underlying point is that many organizations probably have password policies (complexity requirements and maximum password age) designed in part to mitigate the risk of the passwords being cracked before they expire (and become useless). Often, maximum age is in the ballpark of 45 days. The problem is that if someone has obtained a stolen laptop as I described, the user's password doesn't become useless when it expires unless the information in the files encrypted with EFS also becomes useless. If you want to encrypt information that has long term value, you probably need to either seriously reevaluate your password complexity requirements, put smart cards or some other hardware into the mix (as you mentioned), or use something other than EFS. -- Todd Sabin <tsabin@optonline.net> BindView RAZOR Team <tsabin@razor.bindview.com>
