Sep 15 2006, 01:06 PM
Post #1
Member [ Level 1 ] Group: Members Posts: 37 Joined: 11-August 06 Member No.: 15,118
Does anyone know where the encryption key is stored in Windows XP? In other words, how can one get the encryption key?
Or how to retrieve the data without the encryption key? By encrypting a file or folder, we are converting it to a format that can't be read by other people. A file encryption key is added to files or folders that you choose to encrypt. This key is needed to read the file.

Sep 15 2006, 02:30 PM
Post #2
Way Out Of Control - You need a life :) Group: [MODERATOR] Posts: 2,240 Joined: 16-August 05 Member No.: 7,896 myCENTs:7.01
QUOTE
Or how to retrieve the data without the encryption key.

This is a well-known and very funny problem. Of course, data are encrypted in order to prevent you from reading them. The encryption key is here part of the thing. So, if the encryption algorithm is correct, it will not be easy to retrieve the data without the encryption key. Probably the army has some huge computers in charge of such things: put your disk in such a computer, and if their algorithms are better than Crosoft ones, and if their computers are big enough, and if you have enough time...

Sep 28 2006, 09:46 PM
Post #3
Super Member Group: [HOSTED] Posts: 557 Joined: 25-April 05 Member No.: 4,374 myCENTs:17.04
Are you trying to break into a folder that was encrypted using the built-in Windows encryption (EFS)? If so then there may be hope for you. This can be hard and complicated so you should be very dedicated to this idea.

First off, I have never used EFS because I think the security completely stinks. I have adopted PGP Whole Disk encryption as my standard method. Let’s take this scenario for example. You are the administrator on a computer and have a child. You have given your kid his own account and they are fairly responsible and computer literate so you don’t think anything else of it. One day as you are browsing through “C:\documents and setting\kids name” you notice some encrypted files. For whatever reason you decide you really need to know what is in them without your kid knowing. Even though you may be logged on as administrator you are not able to access the encrypted files. As a side note, this is not the case if the administrator has been named the recovery agent, but we will assume you are not that lucky (http://support.microsoft.com/kb/308993/EN-US/).

Now note that your kid does not have to do anything special under his account. The encryption password or key is his Windows account username and password. So what you really need is to get his password and then log in as him. According to your circumstances this can take several forms. You could possibly use a key logger to get the account if you have local access. The more robust way is to grab the SAM database and brute force the password. I have already given several tutorials on how to do this. Go to http://www.ycoderscookbook.com/Clear_NT_Passwords.htm for a detailed talk on how to get the password.

Now the next and much more involved step is to retrieve the password. There are various tools that will retrieve the Windows password from the SAM but the best by far are rainbow tables. Go to Google and search for “rainbow tables” and in the first few links you will find a site that has torrents for the tables. Now the hard part. Rainbow tables are precompiled hashes of every possible password. As such there are a lot of possible passwords. It took me about a month to get my tables and they take about 50 Gb of hard drive space. As long as the password is under 32 characters that are typeable from the keyboard you WILL get the password. Once you have the tables the finding of the passwords usually only takes a few hours.

As a disclaimer, this information should only be used for good. This technique has its valid purposes and I have used it several times to retrieve data for customers that simply forgot their passwords. Do the right thing.

Oct 1 2006, 06:09 PM
Post #4
Way Out Of Control - You need a life :) Group: [HOSTED] Posts: 1,087 Joined: 2-August 05 From: Kapellen (Antwerp, Belgium) Member No.: 7,585
I think the key is generated from several kinds of information about the user and it's impossible to access the data by creating the same user again (if for example you reinstalled Windows). So be careful when you use encryption, complete Windows failure equals data = lost.
Try Googling a bit to see if you can find some way to crack it, but it's probably rather impossible.

Oct 2 2006, 08:55 AM
Post #5
Way Out Of Control - You need a life :) Group: [MODERATOR] Posts: 2,240 Joined: 16-August 05 Member No.: 7,896 myCENTs:7.01
QUOTE
Try googl'ing a bit to see if you can find some way to crack it

Of course, we never perform this kind of things. We only do politically correct things, we are very polite and we respect all the rules.

This post has been edited by yordan: Oct 3 2006, 11:05 AM

Oct 2 2006, 04:11 PM
Post #6
Guilty Until Proven Innocent Group: Members Posts: 372 Joined: 13-April 05 Member No.: 3,937
QUOTE
Rainbow tables are precompiled hashes of every possible password. As such there are a lot of possible passwords. It took me about a month to get my tables and they take about 50 Gb of hard drive space. As long as the password is under 32 characters that are typeable from the keyboard you WILL get the password. Once you have the tables the finding of the passwords usually only takes a few hours.

Some stuff to add: there are some variants of keys and hash that Windows uses, depends on what version of Windows and what patches are installed. Some Windows versions have two hash keys.. each part resembles half of the original passwords.

---

Rainbow takes a lot of time to generate.. it takes me 3 months and 5 Pentium 4 2.6 GHz to compile / generate 90 gig of rainbow tables.. it only gives me success rate of 60% and that is for passwords 1 char to 24 chars long.. Rainbow tables are useful with a popular cracking soft.. I will not mention it here since I guess cracking is not permitted as a topic here.. this said soft will read rainbow as input and can decrypt char by char level..

----

SAM files can only be read when you boot on command shell and you need to be an admin.. that is the last time I remember how it works.. SAM files cannot be copied when on Windows GUI since it is locked for system use when the GUI is enabled.. Someone asked me a few months ago why this is so.. And I have answered with a blank reply of "Beats me, I just read them.."

Oct 6 2006, 07:41 PM
Post #7
Super Member Group: [HOSTED] Posts: 557 Joined: 25-April 05 Member No.: 4,374 myCENTs:17.04
QUOTE
SAM files can only be read when you boot on command shell and you need to be an admin.. that is the last time i remember how it works.. SAM files cannot be copied when on windows GUI since it is locked for system use when the GUI is enabled..

This is true if you boot into Windows but the whole point of Knoppix is to not boot into Windows. This can also be accomplished if you remove the hard drive and install it into another Windows machine.

QUOTE
rainbow takes a lot of time to generate

I don’t think I would ever try and generate my own. Just download them from a torrent site. It's quicker and easier and I have never had any problems out of them.

QUOTE
some windows versions have two hash keys

This is true. The rainbow tables are only useful on the less secure LMAN hashes which originated out of Windows 95. The later versions of hashes are nearly impossible to crack. The upside (depending on which side of the fence you are on) is that all current versions of Windows will accept the less secure LMAN hashes by default. Only if you really dig into the machine security settings will you be able to disable LMAN hashes. Essentially Windows has two hashes by default, LMAN and Kerberos.
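
The machine security setting for LM hashes mentioned in the post above can be audited from PowerShell. This is an added example, not written by any poster in the thread; the function names are hypothetical, and the registry values read are the documented `NoLMHash` and `LmCompatibilityLevel` values under the `Lsa` key.

```powershell
# Added example: report and harden the LM hash settings of the local machine.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LmHashPolicy {
    $props = Get-ItemProperty -Path $LsaKey
    $findings = @()

    # NoLMHash = 1 stops Windows from storing an LM hash at the next password change.
    # A missing value reads as $null, which casts to 0 (storage allowed).
    $noLmHash = [int]$props.NoLMHash
    if ($noLmHash -ne 1) {
        $findings += 'LM hashes may be stored: set NoLMHash to 1.'
    }

    # LmCompatibilityLevel ranges from 0 (LM and NTLM responses sent) to 5
    # (NTLMv2 only, LM and NTLM refused). The default when the value is absent
    # depends on the Windows version, so an absent value is reported, not guessed.
    $level = $props.LmCompatibilityLevel
    if ($null -eq $level) {
        $findings += 'LmCompatibilityLevel not set: OS default applies.'
    } elseif ($level -lt 3) {
        $findings += "LmCompatibilityLevel is $level: LM or NTLMv1 responses can be sent."
    }

    [pscustomobject]@{
        NoLMHash             = $noLmHash
        LmCompatibilityLevel = $level
        Findings             = $findings
    }
}

function Disable-LmHashStorage {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Requires an elevated session. Hashes already stored stay in the SAM
    # until each account changes its password.
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set NoLMHash = 1')) {
        Set-ItemProperty -Path $LsaKey -Name NoLMHash -Value 1 -Type DWord
    }
}

Get-LmHashPolicy | Format-List
```

Run `Disable-LmHashStorage -WhatIf` first to see the change without applying it, then require a password change so that existing LM hashes are replaced.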

Nov 9 2006, 12:14 AM
Post #8
Newbie [ Level 1 ] Group: Members Posts: 1 Joined: 8-November 06 Member No.: 17,101
Hi,
Well, as mentioned above, it will be very difficult to recover encrypted files if we install new Windows. Unfortunately, the same has happened to me. I encrypted about 400-450 MB of data in Windows XP and then installed a new copy of Windows. Now I cannot access a single encrypted file. Kindly help me in this regard... the data is really important to me... I'm willing to do the lengthiest procedure for that. Please don't tell me that no one can help me in this regard, there must be something that can be done. So plz HELP! Thanx in advance :-)

Nov 9 2006, 05:35 PM
Post #9
Super Member Group: [HOSTED] Posts: 557 Joined: 25-April 05 Member No.: 4,374 myCENTs:17.04
I will have to direct this problem to someone else. As far as I know you are out of luck unless you designated a recovery authority or created a repair disk.
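
The situation in posts #8 and #9, where a reinstall leaves EFS files unreadable because nothing was set aside beforehand, is avoided by exporting the EFS certificate and private key while the original profile still works. The following is an added example, not from any poster; the function names are hypothetical, and it assumes a Windows version whose PKI module provides `Export-PfxCertificate`.

```powershell
# Added example: back up the current user's EFS certificate(s) and private key(s).
function Get-EfsCertificate {
    # OID of the "Encrypting File System" enhanced key usage.
    $efsOid = '1.3.6.1.4.1.311.10.3.4'
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $_.EnhancedKeyUsageList.ObjectId -contains $efsOid
    }
}

function Backup-EfsCertificate {
    param(
        [Parameter(Mandatory)][string]$Directory,        # ideally removable media
        [Parameter(Mandatory)][securestring]$Password    # protects the PFX file
    )
    $certs = @(Get-EfsCertificate)
    if ($certs.Count -eq 0) {
        Write-Warning 'No EFS certificate in the personal store: nothing to back up.'
        return
    }
    foreach ($cert in $certs) {
        # A certificate without its private key cannot decrypt anything.
        if (-not $cert.HasPrivateKey) {
            Write-Warning "Certificate $($cert.Thumbprint) has no private key here."
            continue
        }
        $path = Join-Path $Directory ("efs-{0}.pfx" -f $cert.Thumbprint)
        try {
            Export-PfxCertificate -Cert $cert -FilePath $path `
                -Password $Password -ErrorAction Stop | Out-Null
            [pscustomobject]@{
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                BackupFile = $path
            }
        } catch {
            # Typical cause: the key was created as non-exportable.
            Write-Warning "Export of $($cert.Thumbprint) failed: $($_.Exception.Message)"
        }
    }
}

# Usage: prompts for a PFX password, then writes one file per EFS certificate.
# Backup-EfsCertificate -Directory 'E:\efs-backup' -Password (Read-Host -AsSecureString 'PFX password')
```

The PFX file only helps if it is kept off the encrypted disk; after a reinstall it is imported into the new profile's personal store before opening the files.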

Feb 22 2007, 06:29 AM
Post #10
Newbie [ Level 1 ] Group: Members Posts: 8 Joined: 22-February 07 Member No.: 20,558
I don't know if you still have this problem or not... but I had this problem recently, so what I did was...
I used partition recovery software to do a RAW read on the disk and I restored my EFS (encrypted file system) files to a different location and it worked for me...