EFS is being deployed because They realized that with NTFS-readers available for other OSes besides NT there was no longer even the illusion of security offered by the NT architecture. Hence they figured they'd scramble things up a bit. It leaves some interesting features OUT ... it will not Save The World. At 06:06 PM 10/7/98 -0500, Steve Dunlop wrote:
All,
Does anyone have any opinions on the encrypting file system (EFS) that is supposed to ship with NT 5.0?
The white paper on the MSDN web site says it uses DESX (no explaination as to what the X is) and an RSA public key algorithm to store the symmetric keys, which are random for each file.
So what's DESX?
EFS appears to have the architecture to support arbitrarily long keys although this has been crippled in the NT5.0 release, presumably because of export limitations. It has the key recovery features you would expect in a commercial product of the type; they can be turned off administratively.
Is this a victory for wider use of encryption?
-- Steve Dunlop letters: "dunlop" at "bitstream" dot "net" http://www2.bitstream.net/~dunlop