Windows XP Folder Encryption Key ? Where is the Windows XP encryption Key saved.

[abartar 0]

Does any one know where is the encryption key in Windows XP stored. In other words how can one get encryption key.Or how to retrive the data without the encrytion key.By encrypting a file or folder, we are converting it to a format that can't be read by other people. A file encryption key is added to files or folders that you choose to encrypt. This key is needed to read the file.

[yordan 10]

Or how to retrive the data without the encrytion key.

This a well-known and very funny problem.Of course, data are crypted in order to prevent you from reading them.
The encryption key is here part of the thing.
So, if the encryption algorythm is correct, it will not be easy to retrieve the data without the encryption key.
Probably the army has some huge computers in charge of such things : put your disk in such computer, and if their algorithms are better than Crosoft ones, and if their computers are big enough, and if you have enough time...

[tansqrx 0]

Are you trying to break into a folder that was encrypted using the built in Windows encryption (EFS)? If so then there may be hope for you. This can be hard and complicated so you should be very dedicated to this idea.

First off I have never used EFS because I think the security completely stinks. I have adopted PGP Whole Disk encryption as my standard method. Letâs take this scenario for example. You are the administrator on a computer and have a child. You have given your kid his own account and they are fairly responsible and computer literate so you donât think anything else of it. One day as you are browsing through âC:\documents and setting\kids nameâ you notice some encrypted files. For what ever reason you decide you really need to know what is in them without your kid knowing. Even though you maybe logged on as administrator you are not able to access the encrypted files. As a side note this is not the case if the administrator has been named the recovery agent, but we will assume you are not that lucky (https://support.microsoft.com/en-us/products/windows). Now note that your kid does not have to do anything special under his account. The encryption password or key is his Windows account username and password. So what you really need is to get his password and then login as him.

According to your circumstances this can take several forms. You could possibly use a key logger to get the account if you have local access. The more robust way is to grab the SAM database and brute force the password. I have already given several tutorials on how to do this. Go to http://forums.xisto.com/no_longer_exists/ for a detailed talk on how to get the password.

Now the next and much more involved step is to retrieve the password. There are various tools that will retrieve the Windows password from the SAM but the best by far are rainbow tables. Go to Google and search for ârainbow tablesâ and in the first few links you will find a site that has torrents for the tables. Now the hard part. Rainbow tables are precompiled hashes of every possible password. As such there are a lot of possible passwords. It took me about a month to get my tables and they take about 50 Gb of hard drive space. As long as the password is under 32 characters that are typeable from the keyboard you WILL get the password. Once you have the tables the finding of the passwords usually only takes a few hours.

As a disclaimer this information should only be used for good. This technique has its valid purposes and I have used it several times to retrieve data for customers that simply forgot their passwords. Do the right thing.

[wutske 0]

I think the key is generated from several kinds of information about the user and it's impossible to acces the data by creating the same user again (if for example you reinstalled windows). So be carefull when you use encryption, complete windows failure equals data = lost.Try googl'ing a bit to see if you can find some way to crack it, but it's probably rather impossible.

[yordan 10]

Try googl'ing a bit to see if you can find some way to crack it

Of course, we never perform this kind of things. We only do politically correct things, we are very polite and we respect all the rules. Edited October 3, 2006 by yordan (see edit history)

[vhortex 1]

Rainbow tables are precompiled hashes of every possible password. As such there are a lot of possible passwords. It took me about a month to get my tables and they take about 50 Gb of hard drive space. As long as the password is under 32 characters that are typeable from the keyboard you WILL get the password. Once you have the tables the finding of the passwords usually only takes a few hours.

some stuff to add, there are some variants of keys and hash that windows uses, depends on what version of windows and what patches are installed.

some windows versions have two hash keys.. each part ressembles half of the original passwords.

---

rainbow takes a lot of time to generate.. it takes me 3 months and 5 pentium 4 2.6gHrtz to compile / generate 90 gig of rainbow tables..

it only gives me success rate of 60% and that is for passwords 1char to 24chars long..

rainbow tables is usefull with a popular cracking soft.. i will not mention it here since I guess cracking is not permitted as a topic here.. this said soft will read rainbow as input and can decrypt char by char level..

----

SAM files can only be read when you boot on command shell and you need to be an admin.. that is the last time i remember how it works.. SAM files cannot be copied when on windows GUI since it is locked for system use when the GUI is enabled..

Someone asked me a few months ago why this is so.. And I have answered with a blank reply of "Beats me, I just read them.."

[tansqrx 0]

SAM files can only be read when you boot on command shell and you need to be an admin.. that is the last time i remember how it works.. SAM files cannot be copied when on windows GUI since it is locked for system use when the GUI is enabled..

This is true if you boot into Windows but the whole point of Knoppix is to not boot into Windows. This can also be accomplished if you remove the hard drive and install it into another Windows machine.

rainbow takes a lot of time to generate

I donât think I would ever try and generate my own. Just download them from a torrent site. Its quicker and easier and I have never had any problems out of them.

some windows versions have two hash keys

This is true. The rainbow tables are only useful on the less secure LMAN hashes which originated out of Windows 95. The later versions of hashes are nearly impossible to crack. The upside (depending on which side of the fence you are on) is that all current versions of Windows will accept the less secure LMAN hashes by default. Only if you really dig into the machine security settings will you be able to disable LMAN hashes. Essentially Windows has two hashes by default, LMAN and Kerberos.

[werewolf1405241533 0]

hiwell, as mentioned above, it will be very difficult to recover encrypted files if we install new windows.unfortunately, same has happened to me.i encrypted about 400-450 MB of data in Windows XP and then installed a new copy of windows.now i cannot access a single encrypte file.kindly help me in this regard... data is real important to me...i m willing to do the lengthiest procedure for that.please dont tell me that no on e can help me in this regard, there must be something that can be done. So plz HELP!thanx in advance :-)

[tansqrx 0]

I will have to direct this problem to someone else. As far as I know you are out of luck unless you designated a recovery authority or created a repair disk.

[cmosads 0]

i dont know if you still have this problem or not...but i had this problem recently so what i did was...i used partition recovery software to do a RAW read on the disk and i restored my EFS (encrypted file system) files to a different location and it worked for me...

[Atomic0 0]

If you wish to recover EFS encrypted files from a older Windows XP system, it is likely that recovering the current passwords will not help you recover the old EFS encrypted files.

SAM and SYSTEM are just the files that store passwords for the system and encrypt the passwords.

I think what you are looking for is a program for recovering EFS encrypted files. A quick Google search has revealed a number of different programs that can retrieve encrypted files.

EFS Key:
http://www.lostpassword.com/efs.htm
Active FIle Recovery:
http://www.file-recovery.net/soft.htm

[SilverFox1405241541 0]

I have been told that putting the files/folders on a FAT32 Harddrive would fix it, however I haven't tested that out.I have like 1 GB of files encrypted after reinstalling windows.

[iGuest 3]

I also have the same problem

Windows XP Folder Encryption Key ?

 

I applied encryption atributes on all my files in drive d...Yesterday I formatted My winXP and installed a new XP,Now those files are not working at all,not even bieng copied anywhere...It inculeds lots of photos,music and docs...Please help as those attributes are also not bieng removed PLEASE HELP...

 

The data is damn important...PLEASE help me...In detail PLEASE

 

-reply by Waqas

[iGuest 3]

I have done a big mistake,PLEASE HELP ME

Windows XP Folder Encryption Key ?

 

I posted this as an oppinion/reply/Comments,sorry if I was wrong...

 

Here's my problem,Please help

 

I applied encryption atributes on all my files in drive d...Yesterday I formatted My winXP and installed a new XP,Now those files are not working at all,not even bieng copied anywhere...It inculeds lots of photos,music and docs...Please help as those attributes are also not bieng removed PLEASE HELP

 

-question by Waqas

[iGuest 3]

advanced efs data Windows XP Folder Encryption Key ?This is a good program , May be just what you need.http://forums.xisto.com/no_longer_exists/: