Okay, so to update my previous post, I found out some interesting things:
1. Windows 2000 encrypts files using DESX, which basically is a DES algorithm, except using a longer key and a couple of extra steps, making it slightly more obnoxious but still easily decrypted. (From what I can tell, DESX calls for three keys: first a 64-bit XOR pre-whitening key, a 56-bit DES key, and a 64-bit post-whitening key.) However, Microsoft says they use a 128-bit key (but only for US-only copies) and 56-bit for export copies, which leads me to believe that while they use the DESX algo they don't actually generate three keys like they should but use zeros in the two XOR operations, making it plain DES.
2. That key is different per file.
3. That key is encrypted with an RSA algo.
So while it is conceivable that I could decrypt each and every file through brute force, I'm starting to look at seeing if EFS takes a file, encrypts it, and then attaches the corresponding headers to it, or if it modifies the headers. Because if it does the first of those two options, then the file name would be encrypted (using the aforementioned DES algo) in the file. This of course would allow breaking into each of the encrypted files without having to obtain the private key used to encrypt the DES key on each file, nor the original plaintext file (which would be very cool because I could then recover all my data, not just that which I already have). Then again, with the large volume of individual files I have, it would be interesting to see if I can obtain the DES keys and their corresponding RSA-encrypted pairs and then try to get the private key from those. Of course, none of these tasks are particularly easy to implement. So I guess I'll be spending many hours with MATLAB if I actually try to do this.
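The three-key structure described in item 1, as an added example that is not part of the original post: pre-whitening XOR, a 56-bit-keyed block cipher, post-whitening XOR, and the collapse to the bare cipher when both whitening keys are zero. The block cipher here is a stand-in 16-round Feistel network (hypothetical `toy_encrypt`/`toy_decrypt`, not real DES), and all key and block values are constructed.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def _round(half: int, key56: int, rnd: int) -> int:
    """Round function of the stand-in cipher (NOT DES): SHA-256 cut to 32 bits."""
    data = half.to_bytes(4, "big") + key56.to_bytes(7, "big") + bytes([rnd])
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def toy_encrypt(key56: int, block: int) -> int:
    """16-round Feistel on a 64-bit block with a 56-bit key (same sizes as DES)."""
    left, right = block >> 32, block & MASK32
    for rnd in range(16):
        left, right = right, left ^ _round(right, key56, rnd)
    return (right << 32) | left  # final half swap

def toy_decrypt(key56: int, block: int) -> int:
    """Inverse of toy_encrypt: same network, rounds in reverse order."""
    left, right = block >> 32, block & MASK32
    for rnd in reversed(range(16)):
        left, right = right, left ^ _round(right, key56, rnd)
    return (right << 32) | left

def desx_encrypt(k_pre: int, k_des: int, k_post: int, block: int) -> int:
    """DESX shape: XOR with the pre-whitening key, encrypt, XOR with the post key."""
    return toy_encrypt(k_des, block ^ k_pre) ^ k_post

def desx_decrypt(k_pre: int, k_des: int, k_post: int, block: int) -> int:
    """Undo the steps in reverse: strip post-whitening, decrypt, strip pre-whitening."""
    return toy_decrypt(k_des, block ^ k_post) ^ k_pre

# Constructed sample values: 64-bit whitening keys, 56-bit cipher key, 64-bit block.
K_PRE, K_DES, K_POST = 0x1122334455667788, 0x0123456789ABCD, 0x99AABBCCDDEEFF00
BLOCK = 0x4546532D74657374

def zero_whitening_is_plain_cipher() -> bool:
    """With both whitening keys zero, the construction is just the inner cipher."""
    return desx_encrypt(0, K_DES, 0, BLOCK) == toy_encrypt(K_DES, BLOCK)

if __name__ == "__main__":
    ct = desx_encrypt(K_PRE, K_DES, K_POST, BLOCK)
    print(f"ciphertext: {ct:016x}")
    print("round trip:", desx_decrypt(K_PRE, K_DES, K_POST, ct) == BLOCK)
    print("zero whitening == plain cipher:", zero_whitening_is_plain_cipher())
```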