It depends on how EFS is set up, and what version of NTFS you're using. For the purposes of this question, I'm going to presume a modern version of NTFS (i.e. >=3.0) on a modern operating system like Windows 8.1 or 10.

In a single-user environment outside of a domain, by default, files are encrypted in a 3-stage process. First, a random File Encryption Key (FEK) is generated and used to encrypt the file with 3DES or DESX. This key is then encrypted using a user-specific asymmetric key pair, and this encrypted key is stored in the file's metadata. The asymmetric key pair is stored on-disk in an encrypted form, using a key known as the DPAPI Master Key.

The DPAPI Master Key is derived from a combination of the user's NTLM password and their SID (unique identifier for the user). When I say the NTLM password, I mean their logon password, not the NTLM hash of their password. The EFS master key is derived using the Password Based Key Derivation Function (PBKDF2), which is sometimes referred to as "RFC 2898 derivation" in the documentation. This master key is not only used to store the EFS asymmetric key pair, but also any at-rest data protected by DPAPI.
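The three-stage chain described above, modelled as an added Python sketch (not code from the original post and not Windows' actual implementation). Assumptions: the asymmetric key pair is replaced by a single random secret and 3DES/DESX by a toy keystream, because the standard library has neither; the way password and SID are combined, the hash, the salt and the iteration count are illustrative, not the real DPAPI parameters; the SID and password are constructed sample values.

```python
import hashlib, hmac, os

ITERATIONS = 10_000  # assumed value for this sketch, not the real DPAPI count

def derive_master_key(password: str, sid: str, salt: bytes) -> bytes:
    # Stage 3 key: PBKDF2 (RFC 2898) over the logon password, bound to the SID.
    # Feeding SID + salt as the PBKDF2 salt is an assumption of this sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-16-le"),
                               sid.encode("utf-16-le") + salt, ITERATIONS)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream; stand-in for the real ciphers.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt, then prepend an HMAC tag so a wrong key is detected on unwrap.
    ct = xor_stream(key, plaintext)
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unwrap(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key: integrity check failed")
    return xor_stream(key, ct)

def efs_encrypt(data: bytes, password: str, sid: str) -> dict:
    salt, fek, user_key = os.urandom(16), os.urandom(32), os.urandom(32)
    master = derive_master_key(password, sid, salt)
    return {
        "salt": salt,
        "file": wrap(fek, data),                  # stage 1: FEK encrypts the file
        "fek_in_metadata": wrap(user_key, fek),   # stage 2: user key wraps the FEK
        "user_key_on_disk": wrap(master, user_key),  # stage 3: master key wraps user key
    }

def efs_decrypt(store: dict, password: str, sid: str) -> bytes:
    master = derive_master_key(password, sid, store["salt"])
    user_key = unwrap(master, store["user_key_on_disk"])
    fek = unwrap(user_key, store["fek_in_metadata"])
    return unwrap(fek, store["file"])

if __name__ == "__main__":
    SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID
    store = efs_encrypt(b"constructed sample file", "correct horse", SID)
    print(efs_decrypt(store, "correct horse", SID))
```

Everything stored on disk in this model unwraps from the logon password and SID alone, so the strength of the chain is bounded by the strength of that password.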