[FDE] Intro and EFS as a viable FDE solution?

Bryan Glancey bryan at mobilearmor.com
Fri Nov 10 09:14:26 MST 2006 

Please see www.blackhat.com and query for old EFS cracking video. You
can watch the presentations from prior DEFCOMs where EFS is attacked.


Regards;

Bryan
------------------------------------
Mobile Armor
Bryan E. Glancey
Co - Founder & Chief Technology Officer
bryan at mobilearmor.com
400 South Woods Mill Rd.
Suite 110
Chesterfield, MO 63017
tel: 877-276-6778
fax: 877-277-7369
mobile: 314-495-2048
http://www.mobilearmor.com/
------------------------------------

-----Original Message-----
From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com]
On Behalf Of Curt Wilson
Sent: Wednesday, November 08, 2006 10:41 AM
To: Mike Johnson
Cc: fde at www.xml-dev.com
Subject: Re: [FDE] Intro and EFS as a viable FDE solution?

Disclaimer: I'm not a crypto expert.

My understanding on breaking EFS was that the local Administrator
account was automatically a key recovery agent, and therefore if someone
can obtain the system, boot into a linux distro and edit out the
Administrator password, reboot, login as Administrator with the now
blanked out password, a recovery could be done that would then allow
decryption of any EFS contents.   This leads me to believe that FDE is
the best way to go, because a bootable linux distro won't be of any use
to an attacker.

if you know otherwise, please let me know. I have not tested this
personally.



Mike Johnson wrote:
> Howdy all,
> 
> Just found this list while looking for information about full disk 
> encryption for an enterprise.  We're approaching it as a two phase 
> implementation, where the first phase may be tossed.  We have a 
> short-term need (mandate) to implement encryption on a few (about
fifty) 
> sensitive laptops.  Long term, we want all our laptops encrypted.
> 
> We're looking at EFS because, well, it's free.  We've been doing 
> research on it, its limitations and its weaknesses.  Some of the 
> weaknesses seem to go away once you implement it on domain resident 
> systems.  EFS may simply be a short term solution for us, but we're
not 
> sure how it'll scale/work across several thousand laptops.
> 
> Has anyone on this list done FDE on a large scale?
> 
> Oh, and, howdy. :)
> 
> Thanks!
> Mike
> _______________________________________________
> FDE mailing list
> FDE at www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde


-- 
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc

_______________________________________________
FDE mailing list
FDE at www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

More information about the FDE mailing list