
How do I safely use WinXP Encryption?

No replies to this topic

#1 MaryBet82



Posted 10 February 2010 - 05:34 PM

I have been reading [and reading and reading] about using WinXP's encryption. MS says it's very secure - if the HD gets stolen, it's unlikely anyone can crack the encryption. You also have to set your pagefile and recent/temp folders to clear on shutdown and close any encrypted files before going into hibernation, etc, etc. :thumbsup:

I set up a trial folder and encrypted some file copies, designated a user account as the recovery agent different than my user account, and generated a recovery certificate using the cipher /r:filename command. I then logged into the recovery agent account and tried to import the certificate, but the certificate didn't show up in the wizard. I may have been supposed to generate the recovery certificate in the recovery agent account. The instructions weren't very clear.

Because the instructions aren't all that clear in places, I'm worried about getting locked out of the files.
The encryption key generated is based on the user's pw - I'm assuming of the user who owns & encrypts the file not the recovery agent. What happens if you change your pw regularly per security recommendations? What happens if you have to use the password reset feature?

My understanding of SIDs is that you can change the password and username on an account - just don't delete the account if there are any files in it you want to be able to access ever again. But I don't know if a new encryption key is generated with a new pw. I'd think surely not - once the key is generated for a user account it stays the same. So you could use a really good pw when you generate your key and then switch to a more user-friendly one.

You have to back up the SAM registry hive because a corrupted SAM can lock you out. Does SAM back up reliably from w/in the registry [export]? [I tried using ERUNT to back up my registry, but it crashed]

If you back up your files using Windows Backup so your encrypted files remain encrypted, and your system crashes and you have to reinstall Windows, which generates a new SID, are you now locked out of your backup files?

Has anyone actually used Windows encryption and know how to set it up securely and safely?

Are there affordable 3rd party programs that can securely encrypt files/folders and generate keys that don't rely on SAM and SIDs? If I'm ever going to take my tablet pc outside the house I have to figure this out.
mac 10.6 on macbook pro
WinXP sp2 on Dell 380 w/ 512 MB RAM- currently dead in the water
WinXP tab ed sp 3 on Thinkpad X41 w/ 1.5 GB RAM - lemony flavored
Win2K Sp4 on Sony VAIO GXR600 w/ 512 MB RAM - currently blue screening
