Encryption nightmare

Mavicator · Nov 29, 2009

Hi folks, been a while since I've posted!

I recently did a clean install, going from XP MCE SP2 to Win7 Pro-N. I got everything backed up but made a rookie mistake and forgot to decrypt a small batch of files after they were moved to the external drive. I know retrieving these files is next to impossible, but here is a question...

I have backups of a few of these files that are not encrypted. So, if I know the contents of the file, is it possible to use that somehow to re-create the key for the encrypted version? And then use that key to retrieve the rest of them?

Obviously I know the account name and password since this is my home computer so maybe that would help also? I don't care if it takes a year to process, I'd just like these files back!

Thanks for any help with this.

The_Prophecy · Nov 30, 2009

An unencrypter version of a file cannot be used to decrypt and encrypted version of the file. You need to know the password you used to encrypt them so the program you used can use the key associated with that password to decrypt the remaining files.

Mavicator · Nov 30, 2009

Thanks. By password do you mean the account password? That I do have, and is the same one I'm still using on the new OS.

The_Prophecy · Nov 30, 2009

What did you use to encrypt these files?

Mavicator · Nov 30, 2009

Used regular Windows encryption. Properties-->Advanced-->Encrypt

The_Prophecy · Nov 30, 2009

I see.... i'm not sure how to get those back... excuse me while I embark on a Google quest...

Mavicator · Nov 30, 2009

If you find an answer to this debacle then I will personally send you a box of my wife's cookies.

The_Prophecy · Nov 30, 2009

Mavicator :

If my reading and interpretation is correct, I think you're SOL here. The account name and password between the 2 operating systems is the same, but the keys used to encrypt and decrypt the data are different, and there's really no way to retrieve them after the fact. Unless the old XP install is still intact, you're probably not going to get those files back.

Mavicator · Nov 30, 2009

That's what I'm afraid of. Even if there was a brute force method, I'd be willing to try it even though it could take forever. That's what spare hardware is for.

The_Prophecy · Nov 30, 2009

Brute forcing it could be done if you're willing to wait long enough, but I don't know of any easy method of doing so when it comes to EFS.

Mavicator · Nov 30, 2009

I'd be willing to wait, since the alternative is deletion and being called a quitter.

I haven't been able to figure out how to do it though. I have to imagine that knowing the account name would greatly speed things up, since (unless I'm mistaken) the encryption key is partly generated by that name.

franklin101 · Oct 14, 2010

I know this is a really old thread, but keepass says if you want to use the Windows account as a password, you should back up the SID

http://en.wikipedia.org/wiki/Security_Identifier

That probably would apply to you too. You would need to in essense spoof the old account. The only thing is that you probably didn't back the registry up.

In the future, use software like Truecypt which is independent of windows.

Mavicator · Jun 28, 2011

Well it's been a year and a half so I thought I'd check and see if anyone has any new ideas for recovering encrypted files? If there's a way to brute force them then I'm still up for it. I've already waited a year and a half, in which time I could have had a spare machine working on it! It makes me sad every time I see my hard drive sitting there unplugged with my old files on it.

The_Prophecy · Jun 28, 2011

I still think you're SOL unless you want to make a brute force attempt. Any way of easily recovering an encrypted file means that you're not the only one (as the rightful owner of that data) that could get easy access to it.

hang-the-9 · Jun 28, 2011

First you need to find what software to try to use to decrypt the files. The only way to do that is to actually run it and hope for the best. http://sectools.org/crackers.html

I think Windows 7 uses either 128 bit or 256 bit encryption depending on how you configured it. Here is the time it will take. Bring a long book with you.

http://en.wikipedia.org/wiki/Brute-force_attack

128 149,745,258,842,898 years
256 50,955,671,114,250,100,000,000,000,000,000,000,000,000,000,000,000,000 years

Mavicator · Jun 28, 2011

Only 128 trillion years? Better get started! They base that number on a machine that could crack 56-bit encryption in one second. I wonder how long a typical home machine could actually do it. Guess it doesn't matter, it's a crap shoot either way.

hang-the-9 · Jun 28, 2011

Mavicator :

That's 128 bit encryption, 149 trillion years.

Hope you're not using solar power, the sun will probably be dead by then.

Mavicator · Jun 29, 2011

Well if it's gonna die anyway then I may as well harness it's full power now, to power my supercomputer. Sorry about the lights going out...

The_Prophecy · Jun 29, 2011

Any power shortages suffered from this point forward shall be deemed Mavicator's fault

.

Encryption nightmare

Distinguished

Splendid

Distinguished

Splendid

Distinguished

Splendid

Distinguished

Splendid

Distinguished

Splendid

Distinguished

Distinguished

Distinguished

Splendid

Titan

Distinguished

Titan

Distinguished

Splendid

Share this page