Problem with back-uped encrypted files
 

In the last 3 years my office was robbed twice, and my laptops, along with all my honeymoon pictures, were lost forever. So, when i bought my last laptop one year ago, i decided to make regular backups of my info in an external HDD at home and to encrypt all my files.
It all worked flawless untill my lappy started to overheat, so i sold it after copying all my files to the external HDD, i made sure to place all my important files into one folder and to remove the encryption to the whole folder. Problem was that after formatting and selling the laptop, i realized that only half my files had been unencrypted for a reason i still don't understand. So i have over 11GB of info i can't access and don't know what to do.
I have a backup made with the xp backup utility around 3 months ago, but when i tried to restore it in my new computer, it does not create my previous user, nor can i access the encypted files. Does anyone have any idea what can i do to recover this files? Please help me! i can stand loosing data because of a robbery, but not because of a dumb error.

What did you use to encrypt the files? If it was Windows 2000 or XP, try using the same username and password you encrypted the files with, even if that means you have to create a new local login to test it.

Creating the user with the same name and password wont work, you needed to make a recovery agent before all this happened, exported it's certificate somewhere safe, you would use it to recover your data. I store mine in a locked RAR file, with an extra 2 mb of Shakespeare (to make encryption of the RAR even harder) you would import the certificate onto a use on the computer used to recover the data giving you access.

Here is a good article about it, actually it’s a 5 part article
http://www.practicalpc.co.uk/computi...xpencrypt1.htm
And Microsoft’s stance on it
http://www.microsoft.com/technet/pro...y/cryptfs.mspx


In your case, there are few options, I don’t know of any programs that will allow you to brute force it, I hope some one can recommend one. Encryption is not based just off of the user name and password, it goes much deeper. By default windows uses a 1024 bit RSA encryption, so you’re in trouble for cracking it. This is all assuming you’re not in a domain environment, if you are a larger cooperation and have a windows server domain, talk with your net admins, they should be able to get it back in a few minutes.

Oh and by the way, I do sympathies, I to have lost allot of data, about half a terra byte; several gigs of my artwork and their source files.

http://www.crackpassword.com/products/prs/mswin/efs/
$99 for home users. I have no idea if it's effective but the demo may be enough to test.

There are surely others. That's just the first that popped up.

Good luck. Painful situation. Must be the phase of the moon. I just lost another WD drive today. &*#&(*#&)!@#$!!!

if you only backed up the encrypted files, it wont work, if you backed up your entire system, it could.

Basically the program is helping people who have everything they need to decrypt the files but don’t know how to do it.

oh and after rereading your first post, one word of warning, formatting does not always wipe the data, a quick format erases the table that points to the data, not the actual data, but what most people don’t know is that a full format (windows full format) it does not either, it only checks for bad sectors, not erasing data. You need to use a program that actually rewrites at least once. Heh at work last yesterday, I took some old hard drives with sensitive data on them over to the welding shop and took a torch to them, blasted a hole through the drives.

because I am afraid of photos disappearing, I ALWAYS upload to a photosharing site, my choice is KodakGallery because I can always "buy" them back on CD.

as for the encryption I'll keep thinking about that part

I've had a similar problem.... I had files set as "private" when I transfered them to another harddrive I could not open them on any other computer...

Try this..

See if anyone you know has the same model laptop that you had. Take out their hard drive and put yours in. Intall windows onto the drive with the data... this MIGHT work.. I know windows also uses the hardware config as part of the encription. Matching the hardware worked for me... of course.. i still had windows installed on the old hard drive.. hope this helps.

Good reading Dilbert. So much for quick googles.

The only vulnerabilities I found had to do with key security. Brute force could take a very, very long time.

On Dilbert's point about erasure, I'd contact the person who bought the laptop. If you didn't wipe the drive and they upgraded there's a chance your certs are still on that drive. Recovering them would be a trick but it would be the simplest option. One of those things I'd want to rule out before giving up.

Yeah brute forcing a 1024 bit RSA encryption takes for ever. Getting the same hardware would not work, they key is generated by much more than the hard ware, and even then the hard drive would be different. The only chance is to get the certificate that has the key to decrypt the data. Unless you are on a domain, then you should be just fine when you talk with the domain admin.

and btw I tried the free version of that cracker on a virtual machine, it did not work at all, I created 2 admin users, encrypted a file with one and ran the software as the other, no go, it found all the keys, I gave it the original password, but nothing.

Ironman, our comments about brute forcing the files has to do with immediate recovery. RSA 1024 is strong. But everything secure becomes less so with discoveries and ever-increasing computing horsepower. If the files are pictures or things that only increase in value with time I'd definitely keep multiple copies in separate locations. Even though you can't read them now, in 5-10 years RSA 1024 could be a cinch to crack.

Just thought I should mention it. For me it'd be worth a few DVD sets in the hope of progress.