4

So, after reading through the dialog from one of the EFS windows--after encrypting certain files on my system--I ran into a possible complication.

If I'm not mistaken, the encrypted file or folders are only inaccessible to other users. In this case, I mean being able to read or open these items.

What if, however, someone manages to gain access to my account?

Wouldn't they then have access to these so-called encrypted files and folders?

How does that work at all? I would have thought that they'd implement it like they do for MS Office documents, but I've never been prompted for a password in this case. I can open all "encrypted" files by just double clicking.

So, I guess what I'm wondering is: is this enough?

Should I just use MS Word to encrypt my files? At least this application uses a password to read the file. Does it matter at all?

T.R.G.

ThatRandomGuy
  • 3
    `...someone manages to gain access to my account?` - That is not something EFS can protect against. It's used to protect and potentially recover files using certificates, regardless of file permissions. – user2320464 Oct 06 '16 at 02:34
  • Be careful with Word and similar office applications that offer to *protect* files with passwords - often it's just a convenience to prevent accidental modification, but does not actually *encrypt* the files, it only tells the legitimate app to prompt for a password. A malicious app would bypass that. – André Borie Oct 07 '16 at 00:21

1 Answer

4

EFS serves two purposes:

  1. It encrypts your data at rest. An attacker who steals your computer but doesn't know your password cannot recover the encrypted data.
  2. It secures files on a multi-user system in such a way that other users cannot read the files, even if the ACLs permit it. For example, any member of the Administrators group can usually override the ACLs to gain access to any file. With EFS, even an Administrator cannot decrypt the file (unless they were granted access to the encrypted data specifically, which is not something you're likely to do by accident).

Note that even if an Administrator resets your password, they can't access your encrypted files. In fact, resetting a password makes EFS-encrypted files permanently unrecoverable.

Now, if you're worried about attackers with access to your account, then you need to use a different mechanism, yes. Some good options:

  • VeraCrypt, based on the TrueCrypt project (before it was disbanded). Also lets you create entire encrypted volumes that can't be accessed without the password (although once mounted, they remain accessible without re-entering the password until you close them).
  • PGP (or more likely, GPG, which is free and open source). Lets you encrypt files either with a password, or with a public key; in the latter case they can't be decrypted without the private key, which is usually itself password-protected.
  • BitLocker, a full-disk - technically full-volume - encryption feature built into some Windows editions. Used on a removable drive, you can set a password (though once it is plugged in and the passkey entered, Windows will keep the drive decrypted until you reboot your PC or eject the drive).
  • 7-Zip, a compression and archive management tool. Supports much higher-quality encryption than the (trivially breakable) legacy Zip encryption. Not really a crypto tool, but seems to have decent crypto quality.

Using Word as an encryption tool is... not a great idea, but if you have a modern version it's probably OK (at least for Word files). Office used to use really awful encryption, but it's supposedly better now. Still, you really ought to use something focused on crypto instead.

CBHacking
  • `resetting a password makes EFS-encrypted files permanently unrecoverable.` - this is true if EFS hasn't been properly designed in the enterprise. However there are [guides to ensure data is still recoverable](https://technet.microsoft.com/en-us/library/cc730721(v=ws.11).aspx). – user2320464 Oct 06 '16 at 05:04
  • 1
    What do you call *resetting* a password? Hopefully EFS can survive when the user changes his/her password... But there is a different use case in case of a crash: if you create a user with the same name and password, and restore all of its files, the EFS file will be unreadable because it internally uses the user SID. – Serge Ballesta Oct 06 '16 at 06:46
  • 2
    *Resetting* (as opposed to *changing*) a password is an administrative task that wipes out your old password and replaces it with one chosen by the admin. Critically, it doesn't require your old password, which means it can't decrypt things (like EFS keys) that are encrypted using the old password. Therefore, if somebody resets your password, your EFS keys can never be recovered, so your EFS files can't be decrypted. If you instead *change* your password, it just re-encrypts your EFS keys with the new password (after decrypting them with the old). – CBHacking Oct 06 '16 at 07:59
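
The reset-versus-change distinction from the last comment, as an added example that is not part of the original thread: a simplified Python model in which a file key is wrapped under a password-derived key. It is not the actual Windows EFS/DPAPI format; the function names, the PBKDF2 parameters, the XOR-plus-HMAC wrapping and the sample passwords are assumptions chosen so it runs with the standard library only.

```python
# Simplified model (NOT the real EFS/DPAPI format): a file key is stored
# only in wrapped form, under a key derived from the account password.
import hashlib
import hmac
import os

def _derive(password, salt):
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]            # (pad for the 32-byte key, MAC key)

def wrap(file_key, password):
    salt = os.urandom(16)                # fresh salt, so the pad is never reused
    pad, mac_key = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(file_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob, password):
    pad, mac_key = _derive(password, blob["salt"])
    expect = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        raise ValueError("wrong password: file key cannot be unwrapped")
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def change_password(blob, old, new):
    # User-initiated change: the old password is supplied, so the key is
    # unwrapped with it and re-wrapped under the new password.
    return wrap(unwrap(blob, old), new)

def admin_reset(blob, new):
    # Admin-initiated reset: the old password is not available, so the blob
    # cannot be re-wrapped and stays bound to the old password.
    return blob

def demo():
    file_key = os.urandom(32)            # constructed sample key
    blob = wrap(file_key, "old-pass")    # constructed sample passwords
    changed = change_password(blob, "old-pass", "new-pass")
    reset = admin_reset(blob, "admin-chosen")
    result = {"after_change": unwrap(changed, "new-pass") == file_key}
    try:
        result["after_reset"] = unwrap(reset, "admin-chosen") == file_key
    except ValueError:
        result["after_reset"] = False    # new logon password opens nothing
    return result

if __name__ == "__main__":
    print(demo())
```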