Re: BugTraq: EFS Win 2000 flaw

[Rickard Berglind <Rickard.Berglind () EIKNES SE>]

Attonbitus Deus <Thor () HAMMEROFGOD COM> wrote:

> So, yes, if one did encrypt a file in this manner, AND someone breaks in and
> rips off your hard drive, AND they don't figure out your password is
> "#BrittanySpears" AND you have correctly removed the restore cert AND the
> data has not been overwritten AND they decide to go through a
> sector-by-sector scan of your drives then they MAY actually see little bits
> of text here and there alluding the to secret hiding place of your porno
> collection.

If you put it that way there does not seems to be anything to worry 
about, but assume the following: Someone copy a important file with
sensitive information for his company to his laptop. He marks the
file as encrypted and a warning will pop up and tells you that it is
recommended to encrypt the entire folder, mostly because it will be
easier for you.
This person is sure that this is the only file that needs to be
encrypted and choose not to encrypt the folder. The user interface
replies: fine, now it is done.

On the way home the laptop is stolen. The question is: can the
person be sure that the file could not be read by the thief ?
The answer is of course that the file is left on the surface of
the disk in complete plain text.

Most likely the thief does not have a clue what a disk editor is
and just sell the computer to make his money, but this is not
really the point.
If you are presented with the possibility of encryption and
the interface allows you to encrypt single file - there really
should not be plain text versions of the files left behind.



regards,
Rickard Berglind