Windows XP Folder Encryption Key ? - Where is the Windows XP encryption Key saved.
Discussion by abartar with 17 Replies.
Last Update: August 2, 2010, 5:34 am (View Latest)
|Page 1 of 2 pages.|
Or how to retrive the data without the encrytion key.
By encrypting a file or folder, we are converting it to a format that can't be read by other people. A file encryption key is added to files or folders that you choose to encrypt. This key is needed to read the file.
QUOTEOr how to retrive the data without the encrytion key.
This a well-known and very funny problem.
Of course, data are crypted in order to prevent you from reading them.
The encryption key is here part of the thing.
So, if the encryption algorythm is correct, it will not be easy to retrieve the data without the encryption key.
Probably the army has some huge computers in charge of such things : put your disk in such computer, and if their algorithms are better than Crosoft ones, and if their computers are big enough, and if you have enough time...
First off I have never used EFS because I think the security completely stinks. I have adopted PGP Whole Disk encryption as my standard method. Let’s take this scenario for example. You are the administrator on a computer and have a child. You have given your kid his own account and they are fairly responsible and computer literate so you don’t think anything else of it. One day as you are browsing through “C:\documents and setting\kids name” you notice some encrypted files. For what ever reason you decide you really need to know what is in them without your kid knowing. Even though you maybe logged on as administrator you are not able to access the encrypted files. As a side note this is not the case if the administrator has been named the recovery agent, but we will assume you are not that lucky (http://support.microsoft.com/kb/308993/EN-US/). Now note that your kid does not have to do anything special under his account. The encryption password or key is his Windows account username and password. So what you really need is to get his password and then login as him.
According to your circumstances this can take several forms. You could possibly use a key logger to get the account if you have local access. The more robust way is to grab the SAM database and brute force the password. I have already given several tutorials on how to do this. Go to http://www.ycoderscookbook.com/Clear_NT_Passwords.htm for a detailed talk on how to get the password.
Now the next and much more involved step is to retrieve the password. There are various tools that will retrieve the Windows password from the SAM but the best by far are rainbow tables. Go to Google and search for “rainbow tables” and in the first few links you will find a site that has torrents for the tables. Now the hard part. Rainbow tables are precompiled hashes of every possible password. As such there are a lot of possible passwords. It took me about a month to get my tables and they take about 50 Gb of hard drive space. As long as the password is under 32 characters that are typeable from the keyboard you WILL get the password. Once you have the tables the finding of the passwords usually only takes a few hours.
As a disclaimer this information should only be used for good. This technique has its valid purposes and I have used it several times to retrieve data for customers that simply forgot their passwords. Do the right thing.
Try googl'ing a bit to see if you can find some way to crack it, but it's probably rather impossible.
QUOTETry googl'ing a bit to see if you can find some way to crack it
Of course, we never perform this kind of things. We only do politically correct things, we are very polite and we respect all the rules.
Rainbow tables are precompiled hashes of every possible password. As such there are a lot of possible passwords. It took me about a month to get my tables and they take about 50 Gb of hard drive space. As long as the password is under 32 characters that are typeable from the keyboard you WILL get the password. Once you have the tables the finding of the passwords usually only takes a few hours.
Link: view Post: 88172
some stuff to add, there are some variants of keys and hash that windows uses, depends on what version of windows and what patches are installed.
some windows versions have two hash keys.. each part ressembles half of the original passwords.
rainbow takes a lot of time to generate.. it takes me 3 months and 5 pentium 4 2.6gHrtz to compile / generate 90 gig of rainbow tables..
it only gives me success rate of 60% and that is for passwords 1char to 24chars long..
rainbow tables is usefull with a popular cracking soft.. i will not mention it here since I guess cracking is not permitted as a topic here.. this said soft will read rainbow as input and can decrypt char by char level..
SAM files can only be read when you boot on command shell and you need to be an admin.. that is the last time i remember how it works.. SAM files cannot be copied when on windows GUI since it is locked for system use when the GUI is enabled..
Someone asked me a few months ago why this is so.. And I have answered with a blank reply of "Beats me, I just read them.."
QUOTESAM files can only be read when you boot on command shell and you need to be an admin.. that is the last time i remember how it works.. SAM files cannot be copied when on windows GUI since it is locked for system use when the GUI is enabled..
This is true if you boot into Windows but the whole point of Knoppix is to not boot into Windows. This can also be accomplished if you remove the hard drive and install it into another Windows machine.
QUOTErainbow takes a lot of time to generate
I don’t think I would ever try and generate my own. Just download them from a torrent site. Its quicker and easier and I have never had any problems out of them.
QUOTEsome windows versions have two hash keys
This is true. The rainbow tables are only useful on the less secure LMAN hashes which originated out of Windows 95. The later versions of hashes are nearly impossible to crack. The upside (depending on which side of the fence you are on) is that all current versions of Windows will accept the less secure LMAN hashes by default. Only if you really dig into the machine security settings will you be able to disable LMAN hashes. Essentially Windows has two hashes by default, LMAN and Kerberos.
well, as mentioned above, it will be very difficult to recover encrypted files if we install new windows.
unfortunately, same has happened to me.
i encrypted about 400-450 MB of data in Windows XP and then installed a new copy of windows.
now i cannot access a single encrypte file.
kindly help me in this regard... data is real important to me...
i m willing to do the lengthiest procedure for that.
please dont tell me that no on e can help me in this regard, there must be something that can be done. So plz HELP!
thanx in advance :-)
i used partition recovery software to do a RAW read on the disk and i restored my EFS (encrypted file system) files to a different location and it worked for me...
SAM and SYSTEM are just the files that store passwords for the system and encrypt the passwords.
I think what you are looking for is a program for recovering EFS encrypted files. A quick Google search has revealed a number of different programs that can retrieve encrypted files.
Active FIle Recovery:
I have like 1 GB of files encrypted after reinstalling windows.
Windows XP Folder Encryption Key ?
I posted this as an oppinion/reply/Comments,sorry if I was wrong...
Here's my problem,Please help
I applied encryption atributes on all my files in drive d...Yesterday I formatted My winXP and installed a new XP,Now those files are not working at all,not even bieng copied anywhere...It inculeds lots of photos,music and docs...Please help as those attributes are also not bieng removed PLEASE HELP
-question by Waqas
In order to recover files (or folders) encrypted through Windows XP Pro's EFS (I cannot confirm this with Windows XP Home or other versions of Windows), you will need to have the Application Data folder applying to the account owning the files (or folders) in question to use this method. This folder contains information that can be used to encrypt and decrypt the files (or folders).
In other words, if you're reinstalling Windows XP Pro and keeping your encrypted folders, be sure to at least back up the Application Data folders for each of the users on your system. This will back up the certificates for each of those users.
Once you have your Application Data folder(s) backed up, download an EFS recovery tool. Advanced EFS Recovery Pro will search for all certificates and encrypted files automatically (though you can direct it to certain locations). It then stores all successfully decrypted files to the target specified by the user.
Hindsight being 50/50, I backed up my Application Data folder to save my Mozilla news and email settings. This act alone saved my hide from the eternal, mocking laughter of Murphy. My files are safe and I am exploring alternate options to protect my data from prying eyes.
-reply by Ron Poulton
|What Slows Windows Startup ? A list of programs that make a tortoise seem fast. (5)||(13) Window Xp Proffesional Explorer Freeze Up!|