How I Learned about File Encryption the Hard Way

Thursday, September 06, 2012

Scott Thomas

8e6e3972318ff74b194801340248199e

So a week or more ago I mentioned on Twitter that I would tell of the horrible encryption failure I had when I first found out about how to encrypt data.

When I first moved into Information security years ago, I learned about how you could encrypt data and no one would be able to view it without the key.

So I was running Windows XP at the time and I decided to play with the Windows EFS on my home machine. I encrypted my local "personal data" folder, and moved it off to secondary storage.

I was able to view it, open it, move it back and forth, etc. The time came to reload my machine. I was careful to move and verify all my data on the secondary storage, verified I could access it, open it, etc.

I proceeded to DBAN the local drive, reload the OS, install the applications, and when the time came to move the data over, I couldn't open it. I thought "Hmm...that's odd..." I proceeded to try to re-copy the data over to the local drive, and check a few of the attributes of the file before realizing that I had encrypted the files before moving them.

I moved them to a NTFS drive, which meant it kept the encryption intact when I copied them to the external drive. I did my best google-fu to try to find any way to get this data back. The "personal data" contained family photos, my resume, web favorites, etc., so I was definitely not happy about losing it.

I even went so far as to ask a coworker to call in a favor to a friend at Microsoft. The reply was there was no backdoor/master key to get the data back again. I was learning a hard lesson in encryption really fast. Although I knew the passcode for the key, I was unable to retrieve the data.

The good thing that it did was make me want to learn more about file encryption and what can/can't be done with it.

I learned about file versus whole disk encryption, as well as where keys are stored. I also learned to be sure that no matter what, you move the keys if you're going to wipe a drive!

If I can offer anything to anyone about file encryption it would be to completely understand how it works before you play with live data when you have no other copy.

Also...if anyone breaks 256-AES EFS I'd like to chat with you :-)

Cross-posted from http://www.secureholio.com/?p=106

Possibly Related Articles:
9476
General
Information Security
Data Loss Encryption data destruction Best Practices Information Security Secure File Transfer Encryption Key
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.