I figured I talk a lot, why not write a lot also.
I messed around with encryption in Windows XP. I encrypted some music files and now I can't access them cause I formatted the C: drive and I failed to save a copy of the certificate. Is there a way to get my files back? I just have to believe that MS would not be stupid enough to make a program that did not have a back way or something.

Any help will be appreciated, I don't care about the means as long as I can get my files back. thanx.

Comments
on Aug 08, 2006
During a system crash, I lost a lot of information and other kinds of work. I did a search at download.com, looking for a program that could help to recover those files. I finally found it and it really works. The thing is that this happened last year and I don't remember the name of that program. Sorry pal, maybe if you do a new search at download.com you may find something that could help you.
on Aug 08, 2006
If you did not back up the EFS key from your profile prior to formatting, you are completely out of luck. Those encrypted files are just gone.

This isn't the fault of MS.  It's basic security 101.  You always keep backup copies of your encryption keys, if you are in fact encrypting your files.  The entire point of encrypting something is to make it so only the person with the key can access it.  Having a built-in backdoor totally negates that. 

You should have read up on what encryption was and how Windows EFS worked before encrypting anything.
on Aug 08, 2006
If you did not back up the EFS key from your profile prior to formatting, you are completely out of luck. Those encrypted files are just gone.

This isn't the fault of MS. It's basic security 101. You always keep backup copies of your encryption keys, if you are in fact encrypting your files. The entire point of encrypting something is to make it so only the person with the key can access it. Having a built-in backdoor totally negates that.

You should have read up on what encryption was and how Windows EFS worked before encrypting anything.


I know what you mean, but as I have seen time and time again, when a security program creator makes something, even he can get locked out and that's not a good thing so they always have a way around it. Even Bill Gates can make the mistake of encrypting and forgetting to back up, but I bet he knows how to decrypt it.

It's only logical to have a backdoor even if the point of protecting it is to keep people out, but it was not intended to keep the owner out as well. I did however find something already, I will let you know if it works. I however don't know if I can mention it here. If I can let me know.
on Aug 08, 2006
Have you considered the possibility that Bill Gates actually reads the warnings on the encryption tools, that clearly state that if you lose the key, you can't retrieve the files? Have you considered the possibility that Bill Gates actually backs up his work?

These warnings are all over the Windows OS; I see them every day on my job. The simple fact is that encryption schemes are useless if they have back doors. For this reason Windows warns you in very clear terms whenever you try to encrypt something.

You didn't bother to read the directions or plan ahead. Why should Microsoft trust you with Bill Gates's special decryption tools? Even if such things existed, I promise you their use would be reserved only for the most responsible and trustworthy and computer-savvy people. Ironically, these people wouldn't need the tools, since they'd be taking care of business the right way to begin with.

I, for one, would not want you to have access to a tool that allows you to decrypt things without a proper key. I mean, I can't trust you to safeguard the key to your own files. Why should I trust you with the key to everybody else's files?
on Aug 08, 2006
Charles, I sent an email to your hotmail account with some questions I had.
on Aug 08, 2006
#4 by stutefish
Tue, August 08, 2006 2:02 PM


I could almost swear you are screaming at me. First off, take a chill pill. Second, regardless of who Bill Gates is, how much he knows about PCs or how many backups he makes, in the end he is still human and there is a reason people make backups of everything. Because they are too stupid at times and end up screwing things up, but by that same token they can also be stupid enough to not have a backup. I happen to have a backup of my system; ironically it got corrupted and I don't know why.

I personally have no need to guard anyone's files so I don't really care if you trust me or not. I just want my files back. I made a mistake, it happens. If you don't like it, move to another planet and change your DNA or something, cause just like me you are human and you make mistakes all the time. Why am I even bothering with you, why did you even bother commenting? Your response was idiotic in the sense that I did not need a lecture, I need help. If you have nothing good to say, don't say anything.
on Aug 08, 2006

Charles, I sent an email to your hotmail account with some questions I had.


I have no access to my email except on weekends. My job has it blocked and I work 14 hours so the Library is closed by the time I get out of work. I will check it out this weekend and respond.
on Aug 08, 2006

The point though that Stute and I are trying to make is that systems like these intentionally do not have backdoors. They're very much a "you're screwed" system if you lose your credentials. That's their entire purpose. I've yet to see a single encryption system or method that comes with any sort of backdoor. Some may have weaknesses that make it easy to crack, but they're not backdoors.

There is a basic assumption when a user goes to encrypt any data.  That assumption is that the user has or will take the necessary precautions to protect their ability to access the data.  Encrypting is an expert-level task, not something that should be done if you're not sure on how all the parts work or how you need to safeguard your credentials.

EFS as a security system is laughable in that it's only as strong as the Windows authentication methods. Crack a user account and you have access to their personal encryption key and you have free rein over their files.

However, if you have wiped out that key and do not have access to a DRA (Data Recovery Agent), which if you encrypted on your own, is you... it's dumb I know, then you're out of luck. The system has to assume a certain degree of prior knowledge on the part of the user who chooses to encrypt. If the user has not done the necessary work to protect themselves, then it's not Windows or Microsoft's fault the files are inaccessible.

As to Stutefish's comment about not trusting you with guarding files.  What I think he's getting at is that he doesn't trust you (or anyone for that matter) with the grand master backdoor key to EFS encrypted files.  If you were to find a backdoor that got you your files back, it would be a backdoor that worked on ANY files encrypted by Windows EFS.  A backdoor is not a one-off deal in something like this.  If it were to exist it would work in all instances.  And that's the best reason as to why it can not exist.  Given how eager everyone is to post Windows exploits, the second EFS got cracked it would be all over the net and tech news.

Your options are to try and brute force the files to decrypt them... which may be tough if you picked any of the stronger encryption algorithms.

 

on Aug 09, 2006
Zoomba:

I understand completely what you mean. It is obvious that having a backdoor to this type of software defeats the whole purpose. I, however, believe that because of the fact that the system is a "you're screwed" system, that even those in MS run the risk of messing up. So I believe they have a way around it. Obviously they will not put it out there for us to use cause, as you said, it defeats the purpose of the software.

This is where people with software making skills come into play. There has yet been a software I have not seen uncracked. I'm sure there is something out there and, I'm sorry to say, I don't care what people think, I would like my files back even if it means using a hacker's way to do it. I messed up and I admit it. I do have a backup of my hard drive but it just happens to be corrupted so I'm basically screwed. But I'm sure there is a way to break it and I will find it one way or the other. I'm not one of those people who will use this type of software for evil so I am not concerned over what people think about me. I just want my songs back.
on Aug 09, 2006
It's definitely a goner. You cannot recover files you used EFS on and lost your key. If there was a backdoor it would have been used to exploit all over the world at once. Who wants company secrets insecure? Not me. I wouldn't trust EFS if it had a backdoor.

Good luck trying to crack it. You would have better chance trying to find copies of songs you lost.
on Aug 09, 2006

It's not only a "you're screwed" system, it's a "if you don't know what you're doing with this, it's not our responsibility to bail you out" deal too. EFS is actually not meant to be used in a one-off environment like yours. It's meant to be run in a managed environment with a PKI or an Active Directory server to escrow the certificates. At the very least it's meant to be used on systems that had DRAs specified.

Software making skills have very little to do with decryption either at this point. The best software in the world can only try and churn numbers through the RSA algorithm and then do an inspection of the results applied to an encrypted file. The RSA algorithm, while not the absolute best there is, is sufficiently good that unless you have a massive amount of computing power behind you. Some software is more intelligent at which exceptionally large prime numbers to try factoring, but you're still dealing with bruteforcing massive files to try and find the key.

EFS can be cracked given various Windows system files such as the Private and Master Key Containers. Those are typically protected with a pretty standard hash of the user's login credentials. But without any of the files associated with EFS, or any encryption system, you only have blocks of garbled data.

Garbled data, without any of the "clues" from those above-mentioned files, can only be brute forced. A brute force attack on an encrypted file is to try pumping in randomized (but valid) keys. In this case 1024-bit RSA keys. An RSA key can be generated using the math on this page:

http://www.di-mgt.com.au/rsa_alg.html

Really, it's in guessing the right prime number, and then guessing the right seed for the equation.  But there are a lot of prime numbers out there, and the really really large ones which are used in encryption algorithms take a long time to push through any formula.   But on top of trying every combination, some inspection of the results of each attempt is needed.  Which is why decrypting large files (anything longer than a few lines) is extremely difficult and takes a massive amount of computing power. 

To give you an idea of the time involved for mortal machines in brute-force cracking, distributed.net runs projects where thousands of PCs around the world work together trying every potential key combination on a simple one sentence text file. They are currently working on a 72-bit RSA encrypted file. They've been working on it for 1,345 days now at a total rate of 139,000,305,844 keys attempted per second. Roughly 7,013 computers were working the problem yesterday and they were able to crunch 11,297,795,508,011,007 keys, or roughly 0.000239% of the total number of potential keys. It will take an estimated 416,560 days or 1,141 years to check the entire keyspace.

Now, imagine a key many million times stronger than a 72-bit key.  (1024 is 7 million times stronger than a 512-bit key for example).  How long would it take to brute force that given the 7,013 machines globally that were working on a single line of text yesterday?

WinEFS is actually certified for government use (though they use the stronger 3DES algorithm).  It wouldn't be if there was a privately held backdoor, or even a master key.  EFS uses the publicly tested and time proven RSA algorithm, which has no found vulnerabilities to date.  EFS encrypted files stand up to encryption standards scrutiny, so as a raw file they're virtually impossible to decode. 

Your only hope is that there are some files that survived your Windows wipe through some miracle. Otherwise you're dealing with an honest-to-god mathematical impossibility.

EFS is weak so long as you still have the original Windows setup of the machine that encrypted the file.  Without that, it's as strong as any 1024-bit RSA encrypted file out there.
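
An added example, not part of the thread above or Microsoft's code: a toy Python model of why a backed-up key or a Data Recovery Agent is the only way back in. It assumes EFS's layout of a random per-file key wrapped separately for the user and the recovery agent; the RSA keys (built from small known primes, no padding) and the hash-based stream cipher are constructed stand-ins, far too weak for real use.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two known primes (no padding; illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def keystream_xor(key, data):
    """Toy stream cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def efs_encrypt(plaintext, recipients):
    """Encrypt under a random per-file key (FEK), then wrap the FEK per recipient."""
    fek = secrets.token_bytes(16)
    wrapped = {name: pow(int.from_bytes(fek, "big"), e, n)
               for name, (n, e) in recipients.items()}
    return {"wrapped_feks": wrapped, "body": keystream_xor(fek, plaintext)}

def efs_decrypt(blob, name, private_key):
    """Unwrap the FEK with one recipient's private key and decrypt the body."""
    n, d = private_key
    fek = pow(blob["wrapped_feks"][name], d, n).to_bytes(16, "big")
    return keystream_xor(fek, blob["body"])

# Constructed keys built from Mersenne primes, far too small for real use.
USER_PUB, USER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
DRA_PUB, DRA_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def demo():
    blob = efs_encrypt(b"constructed sample: track01.mp3 contents",
                       {"user": USER_PUB, "dra": DRA_PUB})
    # Assume the user's private key was lost in the reformat, but the
    # recovery agent's key was exported beforehand: the file is still readable.
    return efs_decrypt(blob, "dra", DRA_PRIV)

if __name__ == "__main__":
    print(demo())
```

With neither private key available, all that remains is the wrapped per-file keys and the encrypted body, which is the situation described in the original post.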

on Aug 10, 2006
This is a fascinating education on encryption. Thanks Zoomba!
on Aug 10, 2006
It's actually a really truncated explanation of EFS and a quick primer on encryption in general.  Someday when I have more time I'll do a more detailed breakdown of what it all is for non-security folks 
on Aug 10, 2006

The simple answer is no, there is NO back door.

And..

Yes, you are screwed.

If, however you have sufficient time AND funds you might 'see' your grandchildren's grandchildren get it sorted.

Actually, with leaps and bounds in processor power and speed you 'might' even see a solution in your twilight of life....provided you're currently still in your brash, hasty teens...