Rank: Unregistered

Hello

i need some help i encrypted the files on windows 2003 (only 1 folder but its contents are invalueble to me)

i had some problems with the OS so i reinstalled it and now i cant access my encrypted files if anyone has any suggestions for decrypting my own files please let me know because everything i use is in that folder and i cant loose it

Rank: ? (5)
Member #: 12261

sorry abot that the post above was made by me

Rank: ? (2172)
Member #: 11609

Unless you know the key, they are unaccessible unless you find some way to crack it.

Rank: ? (5)
Member #: 12261

ah yes my friend thats what i want to know is how can i crack that bitch

Rank: ? (2172)
Member #: 11609

The algorithm will determine if you CAN crack it.

If you can't yourself (however) you probably have one option:
1. Find a company that can crack it for you (I've seen some that do)

I don't know the advanced concepts of encryption, only basic. If you need serious help, get Crypdoctor.

Rank: ? (614)
Member #: 9832

 jordanaf2003


Wow, thanks but, no I don't thinks so... I don't know much more than what I've put in my tutorials and that's basics. The rest I'm learning now. For advanced stuff, get Bruce Scheier (he wrote the "Applied Cryptography if I remember right...)

Few things about that Windows thing. Basically administrator can decrypt everything but the problem is, this actually means administrator is allowed to use everybody's certificate (key+signature I think). So, if you (=the original poster)actually wiped out your Windows and have no backups, then it is a bit of problem. The original key is not stored anywhere so you would be facing something like 64bit des (standard) or enchanced (non-us) version with maybe 128 bit encryption.
64 bit des is in fact breakable but most likely not with a home computer (I created a screen saver thingy that prints out 64-bit keys starting from 00000000. I got bored before it got to the 3rd row from right. That kind of convinced me that 64 bit keys are fairly long too...that was just CREATING the keys, testing if it is a right key or a wrong one is a lot more complicated).

So, my advice is, see if you have backup of the key somewhere (you still have your folder so you didn't wipe out everything right?) and then try to import the key and get the Windows to accept it somehow.

If your files are pretty much intact and only windows was repaired, it is possible that key is still there but not associated with your username. Are you logged in as an administrator or a normal user?

added a bit later: I was actually talking about Win2k, but I don't think 2003 is too much different in this matter. Encryption could be stronger by default...

Rank: ? (5)
Member #: 12261

hm ok yes i still have the folder i encrypted and yes i log in under administrator

also yes all the files are intact also do you think a simple visual basic program that runs through every 64 bit code and tests it would work to decrypt the files??

(even if it took a long time?)

Rank: ? (614)
Member #: 9832

If you encrypted your files using admin account and you still use the same account(=didn't create new one when fixing windows) there should not be any problem. And in any case, administrator should be able to decrypt everybody else's files. I can't remember where exactly did you need to click but if you mess around with file permissions you should find a place where you can set decrypt-permissions for yourself.
What exactly is the error? Does it say that you don't have permission to access the files or does it complain about missing key/certificate/something?

And about that brute force method you are suggesting... Windows standard encryption may not be the strongest around but it is still supposed to be secure. I think (=I could be wrong) it is 64-bit des and breaking that requires specialiced knowledge, time, money and very likely some special hardware. You can look may "Encryption basics" tutorial to find out about how many possible keys there are, and creating keys is not enough, you the encryption algorithm, and the tricky part, some algorithm to test if you got the key or not. In order to break 64-bit key in any reasonable time, you would have to be able to analyze several million decrypted text per second.

One thing though, moving/copying encrypted files from ntfs to fat-partition is supposed to destroy the encryption-quality, but I don't know what it actually does to the contents. It might decrypt the files, destroy them or tell you that it is not possible to move them to fat-partition. The sad news is however, if your key is somehow lost, there's really not much that can be done. That's the whole point of encryption. No key, no access. I mean, think this: if your door had a "lost my key, let me in"-button, what would stop burglars from pressing it?

Anyway, I hope your key/certificate is still somewhere. In that case, administrator should be able to access it somehow.

Rank: ? (5)
Member #: 12261

hm ok yes cuz windows automatically creates an administrator and ive been fucking around with permissions constantly and yes it just flat out tells me i cannot access the file that i lack permisions i may try some more later tonight

also thank you for the input ill let yeh know if it works out

Rank: ? (614)
Member #: 9832

If you are logged in as an admin you should be able to click the properties of the folder and then just turn the encryption of from the settings... if things are ok. Windows 2000 encryption logic is somewhat confusing, I just noticed that I can't encrypt anything on the computer I use now (not my own) It says there's no valid encryption policy available, even though it should have it by default. Admin (my account) has certificate, but CA (certification authority) is somehow not available.
So, I don't even know what the hell is going on here, but try if you can turn encryption of...

Rank: ? (5)
Member #: 12261

ok what about the changing into a fat partition or something of that sort how would i be able to do that?

Rank: ? (614)
Member #: 9832

No don't try that. The encryption-quality is indeed lost if you move the file to fat-partition, but what that seems to mean is it won't decrypt/encrypt automatically anymore, but it would stay as it is, encrypted in other words. So you would end up with files that open but contain something like #rrt4$/.,kj/%%%. At least that's what I think would happen.
And in any case, the only way the convert NTFS into FAT is to re-format it so it would not be very healthy to your files... FAT into NTFS is simple process though.

Rank: Unregistered

ahh man does anyone know any ways of hacking it? or anyone know anyone that isnt here that could help my hack it?


also i tried the using the admin account to change permissions and all and it still wont let me access the files

but i did notice this when i veiwe dthe certificate for other new encrypted files and the old one i noticed the certificate keys were differint

could i possibly use that to exploit it?

Rank: ? (614)
Member #: 9832

I might be completely wrong, but the way I understand the windows encrypted file system is that windows manages keys and user accounts centrally, automatically using the right key for operations. The system also has at least one "decryption agent" (or whatever it is called in English versions, that was my on-the-spot translation attempt...) that can decrypt everything, in case (for example) one user stops using the system and somebody else needs to use the files (the whole thing is meant for company networks, not home environment). That "agent" is by default the administrator, and I think it means by using this priviledge administrator can manipulate permissions to access the whatever key was used with the file. So, windows checks what user-account was used to encrypt the file, finds the key that belongs to the account and hands it to the administrator.

What I think happens in your case is: Windows notices you are accessing encrypted account, looks your account name (Administrator) it goes and gets the certificate that belongs to that account (your NEW administrator certificate apparently). So you still got your old certificate? You said you can view it? Things should be fixable then. Now, I'm really guessing here but how about this: backup your current certificate, replace your new certificate with your old one (copy, overwrite, rename or whatever you need to do to achieve that) and try decrypting the files, then change back to your new one (don't forget to backup it to floppy). The problem seems to be simply that the account name you used to encrypt the folder is same as your account name now, but the account is associated with another certificate so windows gets confused. That explains why administrator priviledges don't work either. The system is getting the administrator key, but new one, not the old one. I don't think Windows can regognize which of the keys was used, it simple gets one that, according to its registry, belong to the account that encrypted the file. So in your case:
Windows: Let's see... Administrator... ok, here's the certificate (gets your new one)

But really, I can't duplicate your situation here so I'm just trying to picture it in my head and guessing what might work...

Unless your files are really valuable, I would not try to get any company to decrypt them. Relatively weak though it may be, Windows EFS is still a proper cryptosystem that is not meant to be breakable, so *lots* of time and money may be needed to break it. I mean, many businesses rely on it protect their data...

Rank: Unregistered

ok see whats happening isss on my computer there are 3 registered login name 1)administrater 2)Joe 3) barb

now since barb has no reliance whatsoever we will ignore that one

i go to a newly encypted file itll say under who can access the file is says Administrator (Administrator@COMPUTER)

i go to an old encrypted file itll say Joe(Joe@COMPUTER)

now i can remove the old joe and attemt to have only the new adminstrater and itll be fine untill i say backup key (even if i do this for the old joe it says this)

The certificate or key is not available for export on the machine. Error code: -2146885628

the little pupup is names EFSADU

Rank: ? (614)
Member #: 9832

I assume Joe's account type is administrator as well? Can't you login as joe and access the file? I thought both new and old account were named "administrator" so I was having a little bit wrong idea. If the account names are not same there should be no need to do what I suggested earlier (as there's no confusion about account names) Windows should be able to access joe's key but there seems to be some problem, as exporting certificates should be as simple as few mouseclicks...

Well, Windows can be weird bugger sometimes. In some other thread somebody suggested automatic encryption for all internet traffic and I was against it. One reason being that this kind of mess would eventually happen on global scale...

Rank: ? (614)
Member #: 9832

This is little bit late now, but I did some research in case somebody else is interested: First, administrator should by default be able to open any file, only if administrator wants to delegate that permission file security properties need to be adjusted. So if the admin gets "Access denied"-message, something is seriously wrong with the system.
Other thing, in the system I'm using now the default key seems to be 1024bit RSA key, so forget about trying to break it. The algorithm is strong enough, if there's a weak point, it is the Windows itself... I don't　know where I got the idea its DES...

Rank: Unregistered

I'm out of ...

Rank: Unregistered

I encrypted a folder in my old computer (I use administrator account), then copy this folder to a new hard disk. Then I use this new disk to install a new W2K system (I still use administrator account), then I can't access my folder here. And I already throw away my old disk!
How can I recover my files?
Thanks a lot!

Rank: ? (614)
Member #: 9832

You mean you encrypted it with one W2K and tried to decrypt it with a completely different W2K? That's not going to work, unless you kept the old admin account...