Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
I am trying to secure a standalone laptop computer that contains sensitive
data. Some information in the Resourse Kit and Knowledge Base has me
confused.
In Chapter 17 of the Windows XP resourse kit it states quote
"You can strengthen security by replacing the default DESX algorithm with
3DES. In a stand-alone environment, enabling 3DES is recommended."
In a knowledge base article quote
"Encrypting File System (EFS) is also affected by this setting. By default,
Windows XP uses the Data Encryption Standard (DESX) algorithm with a 56-bit
key length. If the Windows high encryption pack is installed, the key length
for this algorithm is Triple-DES (3DES) or 128 bits. By default, on Windows
XP Service Pack 1 (SP1)-based and Windows Server 2003-based computers, EFS
uses the Advanced Encryption Standard (AES) algorithm with a 256-bit key
length. However, if you enable the System cryptography: Use FIPS compliant
algorithms for encryption, hashing, and signing setting on these computers,
the operating system will use 3DES with a 128-bit key length instead."
So am I reducing the level of security by enabling the group policy on an XP
SP2 computer or increasing it?
(http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_awzg.asp)
http://support.microsoft.com/kb/811833
I am trying to secure a standalone laptop computer that contains sensitive
data. Some information in the Resourse Kit and Knowledge Base has me
confused.
In Chapter 17 of the Windows XP resourse kit it states quote
"You can strengthen security by replacing the default DESX algorithm with
3DES. In a stand-alone environment, enabling 3DES is recommended."
In a knowledge base article quote
"Encrypting File System (EFS) is also affected by this setting. By default,
Windows XP uses the Data Encryption Standard (DESX) algorithm with a 56-bit
key length. If the Windows high encryption pack is installed, the key length
for this algorithm is Triple-DES (3DES) or 128 bits. By default, on Windows
XP Service Pack 1 (SP1)-based and Windows Server 2003-based computers, EFS
uses the Advanced Encryption Standard (AES) algorithm with a 256-bit key
length. However, if you enable the System cryptography: Use FIPS compliant
algorithms for encryption, hashing, and signing setting on these computers,
the operating system will use 3DES with a 128-bit key length instead."
So am I reducing the level of security by enabling the group policy on an XP
SP2 computer or increasing it?
(http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_awzg.asp)
http://support.microsoft.com/kb/811833