POV-Ray : Newsgroups : povray.off-topic : Paraniod : Re: Paraniod
  Re: Paraniod  
From: Darren New
Date: 4 Jul 2008 12:24:49
Message: <486e4ed1$1@news.povray.org>
Jim Henderson wrote:
> If the built-in encryption keys off the login password only (ie, the 
> login password just unlocks the encryption key), then as an admin, you 
> just have to change the user's password. 

If you change the password without knowing the old password, you can't 
decrypt the private key that encrypts the shared secret.  So, basically, 
you lose access to the encrypted files.

Each file is encrypted with a random symmetric key. That symmetric key is 
encrypted with the (same) user's private key.  The private key is 
encrypted with the login password. If you change the login password 
without knowing the old one, you can no longer decrypt the private key.

If you change your private key, the old one is kept around until you run 
cipher /u, which scans the entire drive and updates the symmetric keys to 
be encrypted with the new private key.  But you don't normally do such a 
thing unless you're doing something like adding an escrow key, joining a 
domain, or something like that.

> the login password, so if you root my machine and change my login 
> password, you're still not getting at the encrypted files.

Neither on Windows.

>> Or just zip things up with a password.
> 
> That's a pain to use, though 

Plus it's trivially easy to crack. Even long passwords hash down to 8 
characters or something. There are plenty of free programs that'll crack 
a zip archive in a matter of minutes or hours just with brute force.

-- 
Darren New / San Diego, CA, USA (PST)
  Helpful housekeeping hints:
   Check your feather pillows for holes
    before putting them in the washing machine.
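
The key chain described in the post above, as an added example that is not part of the original post and is not Windows code: a stdlib-only Python model showing why a forced password reset loses the files while a normal password change does not. Assumptions: a toy HMAC-based cipher stands in for the real ciphers, a random 32-byte secret stands in for the user's private key, and every function name is hypothetical.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):  # toy HMAC-SHA256 keystream; all names here are hypothetical
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key, cannot unwrap")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def pw_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_account(password):
    salt, user_key = secrets.token_bytes(16), secrets.token_bytes(32)  # stand-in private key
    return {"salt": salt, "wrapped_user_key": seal(pw_key(password, salt), user_key)}

def unlock(acct, password):
    return unseal(pw_key(password, acct["salt"]), acct["wrapped_user_key"])

def change_password(acct, old, new):
    user_key = unlock(acct, old)  # re-wrapping requires the old password
    acct["salt"] = secrets.token_bytes(16)
    acct["wrapped_user_key"] = seal(pw_key(new, acct["salt"]), user_key)

def encrypt_file(acct, password, data):
    fek = secrets.token_bytes(32)  # random per-file symmetric key
    return seal(unlock(acct, password), fek), seal(fek, data)

def decrypt_file(acct, password, wrapped_fek, body):
    return unseal(unseal(unlock(acct, password), wrapped_fek), body)

def demo():
    acct = new_account("old-pass")
    blobs = encrypt_file(acct, "old-pass", b"constructed sample file")
    try:  # admin reset: login password replaced, wrapped user key left untouched
        after_reset = decrypt_file(acct, "admin-set-pass", *blobs)
    except ValueError:
        after_reset = None
    change_password(acct, "old-pass", "new-pass")
    return after_reset, decrypt_file(acct, "new-pass", *blobs)
```

`demo()` returns the result of reading the file after a forced reset (`None`, the chain is broken) and after a proper change (the plaintext); the file blobs themselves are never rewritten by a password change.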

