Windows 7 File Encryption Options

9/27/201922.08.2017admin

Active1 year, 6 months ago

Windows 7 Pro Encryption
Windows 7 File Encryption Software
Windows 7 File Encryption Options Software

How secure is the data in a encrypted NTFS folder on Windows (XP, 7)?

Third Party Application TO Encrypt And Decrypt Encrypted Files On Windows 7 or Windows 10. If you find any difficulties or hassle in the first default or Windows recommended approach that we have just shared above with you, you can opt any third party Windows application to decrypt encrypted files on windows 7 or windows 10. Enabling BitLocker Drive Encryption on Windows 7. Dental Informatics Page 1. These instructions provide the procedure for turning on BitLocker Drive Encryption protection on an operating system drive of a computer with a TPM. After the drive is encrypted, the user logs on to the computer normally. Before you start. File encryption helps protect your data by encrypting it. Only someone with the right encryption key (such as a password) can decrypt it. File encryption is not available in Windows 10 Home. Right-click (or press and hold) a file or folder and select Properties. Select the Advanced button and select the Encrypt contents to secure data check box. 1 Go to Start, type BitLocker Drive Encryption and press Enter,or go to Control Panel and click the BitLocker Drive Encryption link. 2 Now, in the BitLocker window will be listed all the storage devices where you can use this encryption feature. If you want to protect an external storage device that is not connected to the computer, you can connect it now and it will show up immediately after Windows 7 recognizes it. Mar 06, 2019 Windows 7 Windows 10; When BitLocker is used with a PIN to protect startup, PCs such as kiosks cannot be restarted remotely. Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks. In some situation, if you want to enable the EFS option then, in the same way, follow the above steps but under the General tab, you have to choose either any one of option “not defined or Allow” in the “File encryption Using Encrypting File System (EFS)” section and Click OK button.

(The encryption option under file folder -> properties -> advanced -> encrypt.)

If the user uses a decent password, can this data be decrypted (easily?) if it, say, resides on a laptop and that is stolen?

MartinMartin

6492 gold badges9 silver badges18 bronze badges

6 Answers

How secure is the data in a encrypted NTFS folder on Windows (XP, 7)?

What is EFS?

Folders on NTFS are encrypted with a specialized subset of NTFS called Encrypting File System(EFS). EFS is a file level encryption within NTFS. The folder is actually a specialized type of file which applies the same key to all files within the folder. NTFS on disk format 3.1 was released with Windows XP. Windows 7 uses NTFS on disk format. However the NTFS driver has gone from 5.1 on windows XP to 6.1 on Windows 7. The bits on the disk have not changed but the protocol for processing the bits to and from the disk has added features in Windows 7.

What algorithm does it use?

Windows XP (no service pack): DES-X (default), Triple DES (available)

Windows XP SP1 - Windows Server 2008: AES-256 symmetric (default), DES-X (available), Triple DES (available)

Windows 7, Windows Server 2008 R2: 'mixed-mode' operation of ECC and RSA algorithm

What key size does it used?

Windows XP and Windows 2003: 1024-bits

Windows Server 2003: 1024-bits (default), 2048-bits, 4096-bits, 8192-bits, 16384-bits

Windows Server 2008: 2048-bit (default), 1024-bits, 4096-bits, 8192-bits, 16384-bits

Windows 7, Windows Server 2008 R2 for ECC: 256-bit (default), 384-bit, 512-bit

Windows 7, Windows Server 2008 R2 for for AES, DES-X, Triple DES: RSA 1024-bits (default), 2048-bits, 4096-bits, 8192-bits, 16384-bit;

How is the encryption key protected?

Amd radeon settings download. The File Encryption Key (FEC) is encrypted with the user's RSA public key and attached to the encrypted file.

How is the user's RSA private key protected?

The user's RSA private key is encrypted using a hash of the user's NTLM password hash plus the user name.

How is the user's password protected?

The user's password is hashed and stored in the SAM file.

So, If an attacker can get a copy of the SAM file they may be able to discover the user's password with a rainbow table attack.

Given the username and password, an attacker can decrypt the RSA private key. With the RSA private key, the attacker can decrypt any FEC stored with any encrypted file and decrypt the file.

So..

The contents of the encrypted folder are as secure as the user's password.

If the user uses a decent password, can this data be decrypted (easily?) if it, say, resides on a laptop and that is stolen?

Probably not by an adversary with a typical personal computer. However, given sufficient resources, like a GPU or FPGA password cracking system, EFS data may be vulnerable within a short period.

A random 12-character (upper lower and symbol) password may hold out for weeks or months against a password cracking system. See 'Power of Graphics Processing Units May Threaten Password Security' A significantly longer password may hold out for years or decades.

this.joshthis.josh

8,6132 gold badges26 silver badges51 bronze badges

It is exactly as secure as the weakest password for any account that can access the file. If that password is '7XhqL3w0,DBC1y' it's practically invulnerable. If it's 'il0veu', it might as well not be encrypted at all.

David SchwartzDavid Schwartz

The password is the weakest part of the system. You would have to have a very long (more than 14 characters) and very random password to prevent it from being hacked.

The other parts are secure. The private key and encryption key are both un-crackable with today's technology.

There are still ways around this. For example, somebody might install a USB keylogger between your keyboard and machine, and steal your password that way.

Robert David GrahamRobert David Graham

3,8351 gold badge12 silver badges14 bronze badges

short answer ..

Yes, EFS is secure if (and only if) password of given user account is non-trivial.

however ..

There are better solutions, such as FDE w/ a smartcard+PIN or TPM (plus PIN and/or token). Far too often, encryption is rendered useless b/c of poorly chosen passwords, so the above rectify that. Further, FDE solves the issue of remnants of files being discovered in temp folder, paging or hibernation file, etc.

EDIT:In response to user comment ..

FDE = full disk encryption, wherein the entire disk or significant portion (i.e., disk excluding certain boot components) is encrypted via hardware- or software-based implementation

TPM = trusted platform module, referring to a hardended, tamper-resistant chip used to store cryptographic information

GarrettGarrett

It uses AES-256 in XP, and ECC in Windows 7But if someone gets a hold of your machine and can crack your password, they can access your files. So better than nothing, but only just barely.

Windows 7 Pro Encryption

devnul3devnul3

Keep in mind the key to measuring security is not just entropy of the password, but the weakest link in the chain. In this case, physical security of the computer plays a part in addition to if the machine is on a windows domain.

It is fairly trivial to reset any windows password using Trinity provided that you can mount a DVD in the drive and reboot the machine. The next weakest link is other administrators on a windows domain network that can simply reset your password and gain access to the files.

Michael BrownMichael Brown

protected by Jeff Ferland♦Apr 2 '18 at 22:26

Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?

Not the answer you're looking for? Browse other questions tagged encryptionwindowsdisk-encryptionfile-encryptionfile-system or ask your own question.

We have already discussed many topics about how to encrypt a file or how to password protect a folder on computer. However, due to the convenience and wide use of external disks, it is also important to encrypt the files stored on SD card to avoid data leakage. SD card data locking is an important aspect of USB data protection. To ensure the security of your SD card, you’d better encrypt your SD card preventing any unauthorized access to the data in it. So today we are going to talk about how to lock an external SD card on Windows.

Then what does it mean to encrypt an SD card? Well, SD card encryption means that the data on your SD card gets protected with a password so that no one except you can get access to it unless you provide the correct password to unlock this SD card.

Windows 7 File Encryption Software

Owing to the difference between several versions of Windows, users need to choose different methods to lock SD card. If you are using the Pro and above editions of Windows 10, then you can encrypt an SD card with the BitLocker encryption feature inbuilt in the Windows system. Users who are using other Windows versions will have to turn to the third-party SD card encryption software.

Method 1 – How to Encrypt an SD Card with BitLocker?

Note: Before you encrypt an SD card with BitLocker encryption feature, you have to get your card formatted by using NTFS, FA32, FAT16, or exFAT file system.

1. Click This PC. First right-click on the SD card you want to encrypt with BitLocker and then click on the option Turn on BitLocker.

2. Now you can see a screen popping up, and just check the Use a password to unlock the drive box. Here we mainly explain how to password protect an SD card. But if you have a smart card, you can do this job by checking the option Use my smart card to unlock the drive.

Enter your password and retype it again. We recommend that you’d better set a strong password, but make sure to remember it unless you are going to store the recovery key on your PC or any other location. Then just click the Next button to proceed the following process.

3. Here, you will be able to choose the option to save the recovery key. If you forget your password or lose your smart card, you can use it to access the SD card and the data in it. Then select one of the options and save the key according to the on-screen instructions.

Besides, when you choose the Microsoft account, you will need to enter your Microsoft account email address and password. Then click on Next button.

4. Now, you have to choose one between the two options below:

Encrypt used disk space only
Encrypt entire drive

If you have no idea and need our suggestion, we will recommend the second option for you! And then click the Next button.

5. When you see the screen presented below, just check the Compatible mode option and then click on the Next button.

6. At this point you will be able to start encrypting your SD card. Just click the Start Encryption option to start the encryption process. The time it takes to complete encryption is determined by the size of the SD card and the size of the data in it.

Method 2 – How to Lock an SD Card with SD card encryption software?

There are countless SD card encryption software on the Internet, so choosing a reliable and suitable one among these tools is time consuming for you. Here we recommend you USB Security, which is dedicated for USB data security issues which include data breaches, disclosure and abuse of private files. With the assistance of this SD card encryption tool, you will not worry about losing your data in the SD card anymore.

Steps to lock an SD card on Windows 7/Windows 8/XP with USB Security:

In order to lock a SD card, you need a USB SD card reader or you can directly plug your card into a Windows computer. Then run the newly downloaded “USBSecurity.exe” program package, and choose a drive to install it.
Open your SD drive to run the “USBSecurity.exe” program in it, and enter your password. You need to confirm the password you set just now in the prompt box. The best choice for you is certainly to prepare a password hint in case of password losing. Next click on the “Protect” button to get the SD drive locked.

Steps to Unlock the SD Card on Windows 7/Windows 8/XP with USB Security:
Once you need to unlock your SD card, open the SD card on Windows, then you will find all your files in the card are hidden and there is only a file named “USBSecurity.exe” there. You should double click on it, and enter your password according to the prompt. Then choose one of the following ways to open it:

Open in virtual drive: You should open the disk in virtual drive and immediately recover SD card protection after you close the window.