[FDE] Intro and EFS as a viable FDE solution?
Mike Johnson
mike at enoch.org
Wed Nov 8 10:52:40 MST 2006
Curt Wilson wrote:
> Disclaimer: I'm not a crypto expert.
>
> My understanding on breaking EFS was that the local Administrator
> account was automatically a key recovery agent, and therefore if someone
> can obtain the system, boot into a linux distro and edit out the
> Administrator password, reboot, login as Administrator with the now
> blanked out password, a recovery could be done that would then allow
> decryption of any EFS contents. This leads me to believe that FDE is
> the best way to go, because a bootable linux distro won't be of any use
> to an attacker.
>
> if you know otherwise, please let me know. I have not tested this
> personally.
Yeah, that was one of the first things we looked into. It turns out
that if a computer is joined to a domain and properly enrolled, that the
local Administrator is not the recovery agent anymore. We also learned
that if you change the password in the way that you mention, the keys
for Administrator are invalidated, rendering the recovery key invalid
and unable to do anything.
I still think long term we want to do true FDE, but EFS seems "good
enough" for the short term. I'd rather know in advance if it sucks,
though. :)
Thanks,
Mike
More information about the FDE
mailing list