M$ encrypting filesystem
Ian Brown
I.Brown at cs.ucl.ac.uk
Fri, 18 Jun 1999 11:53:14 +0100
Windows 2000 comes as standard with the ability to encrypt files on an NTFS
partition. Of course, the international version uses 40-bit encryption. But
even worse, *all* versions will only allow encryption if a "recovery agent"
is configured. If you remove the recovery agent, Windows stops encrypting,
just like that.
M$ has obviously been liaising very closely with Fort Meade over this one...
http://www.microsoft.com/windows/server/Deploy/security/EncrFile.asp
The Word document there says some interesting things:
"in circumstances where multiple recovery agents are needed for the domain
or where the recovery agent needs to be different from the domain
administrator due to legal or corporate policy, you may need to identify
certain users as recovery agents"
NSA as your local friendly recovery agent, perhaps?
"Recovery agents may need to recover files or folders if a user loses his
or her key or leaves the company, or if there is a legal requirement to do
so."
Mmmm mmm!
As Ross Anderson says, this is garbage anyway. Companies want *data*
recovery, not key recovery. What Windows *should* do is provide this
service as part of backup procedures, sending the plaintext of backup data
over a secure link to a secure backup centre where it can be re-encrypted
under other keys. This removes the security vulnerability of having one or
more master recovery keys that can be used to gain access to files on any
computer in an organisation. The backup centre can be guarded a lot more
effectively.
Ian
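The two designs the message contrasts, as an added example that is not part of the original post and not Microsoft's code: EFS-style key recovery, where each file's key is wrapped to the owner and to every recovery agent so that one agent key opens every file in the domain, beside the backup-based data recovery the message argues for, where plaintext crosses a secure link and is re-encrypted under a key that never leaves the backup centre. It is a simplified model: all keys are symmetric and the cipher is a SHA-256 counter-mode toy built from the standard library (real EFS wraps the file key to RSA public keys), the "secure link" is one shared session key, and the user names and file contents are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Simplification for a dependency-free demo: every key is a random 32-byte
# symmetric key and the "cipher" is XOR with a SHA-256 counter-mode stream.
# The structure (per-file key, wrapped copies for owner and recovery agents)
# is the point, not the primitives.


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher: XOR data with SHA-256(key|nonce|ctr)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _seal(key: bytes, data: bytes) -> dict:
    """Encrypt-then-MAC under `key`, so a wrong key is detected rather than
    producing silent garbage."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, data)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def _open(key: bytes, box: dict) -> Optional[bytes]:
    """Inverse of _seal; returns None when the MAC does not verify under `key`."""
    expected = hmac.new(key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        return None
    return _keystream_xor(key, box["nonce"], box["ct"])


# ---- Design 1: key recovery, EFS style --------------------------------------

def efs_encrypt(plaintext: bytes, user_key: bytes, recovery_keys: list) -> dict:
    """A random file encryption key (FEK) encrypts the file; copies of the FEK
    are wrapped to the owner (the DDF) and to every recovery agent (the DRF)."""
    if not recovery_keys:
        # Mirrors the behaviour the message complains about: no recovery agent
        # configured, no encryption at all.
        raise ValueError("no recovery agent configured; refusing to encrypt")
    fek = secrets.token_bytes(32)
    return {
        "file": _seal(fek, plaintext),
        "ddf": _seal(user_key, fek),
        "drf": [_seal(k, fek) for k in recovery_keys],
    }


def efs_decrypt(blob: dict, key: bytes) -> Optional[bytes]:
    """Anyone holding the owner key or ANY recovery-agent key recovers the FEK
    and therefore the file."""
    for box in [blob["ddf"], *blob["drf"]]:
        fek = _open(key, box)
        if fek is not None:
            return _open(fek, blob["file"])
    return None


def encryption_allowed_without_agent() -> bool:
    """True if a file can be encrypted with an empty recovery-agent list."""
    try:
        efs_encrypt(b"x", secrets.token_bytes(32), [])
        return True
    except ValueError:
        return False


# ---- Design 2: data recovery through the backup path ------------------------

def backup_send(plaintext: bytes, link_key: bytes) -> dict:
    """Workstation side: plaintext leaves over the secure link (one session key
    here). No long-term recovery key is ever present on the workstation."""
    return _seal(link_key, plaintext)


def backup_store(wire: dict, link_key: bytes, centre_key: bytes) -> Optional[dict]:
    """Backup centre side: strip the link encryption and re-encrypt under the
    centre's own key, which never leaves the centre."""
    plaintext = _open(link_key, wire)
    if plaintext is None:
        return None
    return _seal(centre_key, plaintext)


def backup_restore(stored: dict, centre_key: bytes) -> Optional[bytes]:
    return _open(centre_key, stored)


def demo() -> dict:
    """Constructed scenario: two users, one domain recovery agent, one centre."""
    alice, bob, agent = (secrets.token_bytes(32) for _ in range(3))
    a_blob = efs_encrypt(b"alice's payroll spreadsheet", alice, [agent])
    b_blob = efs_encrypt(b"bob's merger memo", bob, [agent])
    key_recovery = {  # one agent key opens every user's files in the domain
        "agent_reads_alice": efs_decrypt(a_blob, agent),
        "agent_reads_bob": efs_decrypt(b_blob, agent),
        "bob_reads_alice": efs_decrypt(a_blob, bob),
    }
    centre, link_a, link_b = (secrets.token_bytes(32) for _ in range(3))
    stored_a = backup_store(backup_send(b"alice's payroll spreadsheet", link_a), link_a, centre)
    data_recovery = {  # nothing held on any workstation unlocks stored backups
        "centre_restores_alice": backup_restore(stored_a, centre),
        "link_key_a_restores_alice": backup_restore(stored_a, link_a),
        "link_key_b_restores_alice": backup_restore(stored_a, link_b),
    }
    return {"key_recovery": key_recovery, "data_recovery": data_recovery}
```

Running `demo()` shows the asymmetry the message is driving at: in the first design the agent key is a master key for the whole domain, and compromising it on any one machine exposes every user's files, whereas in the second design the only key that opens stored backups sits in the guarded centre and the per-link session keys are useless against it.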