Re: EFS algorithm by Roger
Roger
Wed Nov 15 18:06:41 CST 2006
When AES was introduced in XP at SP1, David Cross posted
reg keys that could be used to make EFS in XP backward
compatible with W2k. I do not know whether that info was
ever surfaced in a KB.
Roger
"Ueli Strasser" <UeliStrasser@discussions.microsoft.com> wrote in message
news:30F65290-4F14-46C9-ACB7-73E74625B972@microsoft.com...
> "Brian Komar [MVP]" wrote:
>
>> In article <21EA4D36-F92F-4F46-B591-AFC49400DDE1@microsoft.com>,
>> Ueli@discussions.microsoft.com says...
>> > Hi,
>> > which common algorithm can be used in a windows 2000, XP and 2003
>> > environment for efs, assuming that on all os' the latest service pack
>> > is
>> > applied and on the w2K the high encryption pack is installed? I've
>> > found some
>> > on the Internet saying desx and others 3des.
>> >
>> > Thanks and regards
>> > Ueli
>> >
>> There is no common algorithm, as the encryption algorithm used is
>> determined by the OS. If you are planning to do multiple boot, you
>> basically cannot share EFS encrypted files between the builds, even if
>> you import EFS certificates
>>
>> Here are the list of algorithms:
>> Windows 2000: DESX
>> Windows XP and Server 2003 base: 3DES
>> Windows XP with SP2 (may be SP1): AES
>> Windows Server 2003 with SP1: AES
>>
>> Brian
>>
> this came up in the MOC course 2238A where in a excercise there is this
> question: "roaming profiles will be used , therefore an algorithm is
> required
> that is supported by all os (w2k, xpp, w2k3)" (unit 5 about EFS). afaik
> the
> algorithm can also by controlled by a group policy, but still I can't see
> the
> meaning of the above question and apparently it's not even possible. Can
> someone help me?
> btw: following your answer Brian FIPS compliance couldn't be accomplished
> in
> environments including w2k pcs, right?
>
> Regards
> Ueli