RE: Re[2]: Relative Security Provided by Cached Domain Credential s?

From: Kim Oppalfens (Kim.Oppalfensazlan.be)
Date: Thu May 27 2004 - 01:41:49 CDT


Correct, and you have to trust the server for delegation.
This indeed makes smartcards not usable for EFS on file servers.

But that was not the point I was trying to make.
The point is that even if you manage to get an EFS private key to be stored
on a smartcard, the smartcard will never be checked during encryption or
decryption of EFS files, simply because EFS was not built to do that: it just
checks the profile for a private key, even if you are using EFS on your local
disks.

At least that is the way I understood it; again, if anyone is actually doing
EFS with smartcards I would love to hear about it. More specifically, I would
love to hear how they got it done. But at this point I am afraid it is just
a theoretical solution that you cannot bring into practice.

Kim Oppalfens
 

-----Original Message-----
From: Vyacheslav Ponomarenko [mailto:VPonomarenkotaos.com]
Sent: Wednesday 26 May 2004 5:14
To: focus-mssecurityfocus.com
Cc: Kim Oppalfens
Subject: Re[2]: Relative Security Provided by Cached Domain Credentials?

Kim,

When you use EFS on a file server it encrypts/decrypts data on the user's behalf
via delegation. Thus it can only access keys stored in the user's profile.

Vyacheslav

Tuesday, May 25, 2004, 6:56:01 AM, you wrote:

KO> I have seen the use of smartcards for EFS certificates mentioned in
KO> this thread a couple of times.

KO> Although it would be nice in theory, it was my understanding that
KO> this cannot be used at present because it was not thought about in the EFS
KO> API, so during decryption (or encryption, for that matter) only the
KO> personal certificate store is checked for a key, not any smartcard
KO> related stuff.

KO> At least that is what I understood about EFS and smartcards.
KO> Has any of you actually tested the smartcard solution, or is this
KO> how you would theoretically handle it?

KO> Kim Oppalfens
