Windows 7 Forums


Windows 7: BitLocker reliability when encrypting selective folders only


21 Jun 2014   #1

Windows 7 64 bit
 
 

Hi,

I understand that whole drive encryption is always better, but really the ONLY thing I need to encrypt is MY DOCUMENTS, as this is where all my personal data is. So my question is, if I used BitLocker to encrypt that one folder only, and say my hard disk was stolen, would they be able to find or regenerate the encryption certificate key somehow? I assumed that since all the system files are available, they might be able to find a way to locate that or retrieve it in some way.

Also, if someone did steal the hard disk, wouldn't they be able to run a password reset tool (I know it existed on XP, it was a boot CD) on the operating system and just log in with a new password, then retrieve the MY DOCS contents (since once you log in, you can see the data)??

Thanks in advance!



21 Jun 2014   #2

Windows 7 Ultimate x64
 
 

I guess you're referring to EFS instead of BitLocker, as it's only for whole drives (as far as I know).

Anyway, to quickly answer your concrete question, yes, it CAN always be decrypted once they got your HD in their hands. The key point for this is that they gain physical access, and security-wise that's "game over, the attacker won".

The real reason behind this is that with your encrypted files in hand, they are always able to run any kind of offline attack they want, completely ignoring whatever security you might put in place. They can, at the very least, run a brute force on your password or the encryption keys, and given enough time, get your data. This is not a problem specific to EFS or Windows or anything, but any encryption technology has the same flaw.

The only variable you can affect is how long it may take to do it. Brute force, or even some dictionary attacks, take much time, not to mention that a casual thief may not care about it at all, just reselling the thing for easy profit. Encryption's main purpose is to make an attacker think twice about whether it's worth attempting to crack it, as it'll be very resource- and time-consuming.
The case is different if someone specifically wants something on your HD, when you may expect people will spend any resources they have to get what they want.

In practice, an encrypted HD will possibly deter most people (going for the lowest-hanging fruit) because they see it as "too hard" (for a good reason), but keep in mind that a determined attacker (for whatever reason) may be able to get it. So, if you need 100% security, the only way to go is not to let the HD fall into the wrong hands.

21 Jun 2014   #3

Windows 7 64 bit
 
 

Yes, sorry, I think I meant EFS. It's where you right click a folder, go to properties->advanced and then encrypt.

I understand perfectly well that the brute force can be used, and you can only affect the time it takes to encrypt. Which is the exact point. We can easily make it such that it would take them millions of years to decrypt. IMO, that is essentially the same as saying it cannot ever be cracked.

What I want to know is, besides brute force, is there any OTHER way they can crack a folder encryption?

That is, can they somehow retrieve/reset the login password, in order to log into Windows and view the folder. OR can they somehow obtain the encryption key (or file) by searching through the system files and maybe running something?


22 Jun 2014   #4

Windows 8.1 Pro (x64)
 
 

Btw, forcing a password reset or changing it outside of the user account makes those encrypted folders impossible to access. Your password is tied to the encryption key.
25 Jun 2014   #5

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by tekset5
"That is, can they somehow retrieve/reset the login password, in order to log into Windows and view the folder. OR can they somehow obtain the encryption key (or file) by searching through the system files and maybe running something?"

Yes, it's possible to do such things. There are programs that do that, provided the whole disk is unencrypted. Since login passwords are hashed, they can probably apply brute force (or most likely, rainbow tables) to crack them offline, and log in to your account. It's not difficult to do so, and MUCH easier than cracking the actual encryption key. Resetting the password is even simpler, but pointless, as it would invalidate the certificate, as logicearth said.

The certificate itself can be extracted by logging in to another administrator account and accessing the certificate store (again trivial if they can reset the administrator password without disturbing yours).

Someone may correct me here, but I was always under the impression that EFS is in practice more effective at locking out legitimate users than a skilled attacker, all because the encryption key is stored together with the data, and relies on tying it to the user password and Windows installation.



Quote: Originally Posted by logicearth
"Btw, forcing a password reset or changing it outside of the user account makes those encrypted folders impossible to access. Your password is tied to the encryption key."

But how do you achieve the same once they gain access to the computer? Nice in an emergency as a "self-destruct button", though.
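
Added example, not part of the original thread and not EFS's actual implementation: a simplified Python model of the behaviour described in posts #4 and #5, where the file key sits on disk wrapped under a key derived from the login password. The class and function names, the sample passwords and the PBKDF2/XOR wrapping are assumptions chosen for illustration.

```python
import hashlib, hmac, os

ITER = 100_000  # assumed work factor for this model

def _derive(password, salt):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, dklen=64)
    return k[:32], k[32:]  # (wrapping key, MAC key)

def wrap(secret, password):  # toy wrap: XOR with a one-time derived key + HMAC tag
    salt = os.urandom(16)
    enc, mac = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, enc))
    return salt, ct, hmac.new(mac, ct, hashlib.sha256).digest()

def unwrap(blob, password):  # returns None unless this password wrapped the blob
    salt, ct, tag = blob
    enc, mac = _derive(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, enc))

class Account:
    def __init__(self, password, file_key):
        self.set_login(password)
        self.blob = wrap(file_key, password)  # key at rest, tied to the password
    def set_login(self, password):  # a forced reset from outside does only this
        self.salt = os.urandom(16)
        self.verifier = _derive(password, self.salt)[0]
    def login_ok(self, password):
        return hmac.compare_digest(self.verifier, _derive(password, self.salt)[0])
    def change_password(self, old, new):  # normal change: old password is known
        key = unwrap(self.blob, old)
        if key is None:
            raise ValueError("old password does not unwrap the key")
        self.set_login(new)
        self.blob = wrap(key, new)

def scenario():
    key = os.urandom(32)  # constructed stand-in for the user's EFS private key
    a = Account("old-pass", key)
    a.change_password("old-pass", "new-pass")
    b = Account("old-pass", key)
    b.set_login("reset-pass")  # forced reset: login changes, blob does not
    return {"changed": unwrap(a.blob, "new-pass") == key,
            "reset_login": b.login_ok("reset-pass"),
            "reset_unwrap": unwrap(b.blob, "reset-pass"),
            "old_password": unwrap(b.blob, "old-pass") == key}

if __name__ == "__main__":
    print(scenario())
```

In this model a forced reset yields a working login but `unwrap` returns `None`, while the blob still opens with the original password, so the key at rest is only as strong as that password.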