Decrypting EFS'd files after XP reinstallation.

Here's a challenge for the computer gurus. About two years ago I created a file on my XP machine. This file contained passwords to several applications, so to protect it I used XP's built in encryption, which tied the file to that login account. Fast forward to three weeks ago. A blown application installation royally screwed my XP installation so I backed up all of my important files and wiped my HDD, reinstalling XP SP2. When I copied the encrypted file back to my HDD, I was mortified to learn that I couldn't open the file (even though the account name was the same, the "key" was different).

Does anyone know how I can decrypt this file? Am I screwed?

Is there any chance you backed up your keys anywhere? If so, you can use the backup to retrieve your key and then decrypt the file. Otherwise, you may be out of luck unless you want to spend a few years working on a brute force attack on the encryption.

A company called Elcomsoft sells a data recovery agent it says can recover data lost because of this problem. (FWIW, Microsoft says this is not possible, but I'm not sure if I'd trust Microsoft to be fully honest about how secure its encryption tools are.) According to what I read elsewhere, the trial version, which you can download by following the link, will analyze what you've got and let you know whether it can recover the data. You have to pay $99 for the full version that allows you actually to recover the data. So, if this works, I suppose it depends on how much it's worth to you.

BTW, this is not an endorsement of the product mentioned. I've never used it, and I have had a lot of bad luck with programs like this that make grand claims about what they can do. Encryption, by design, is hard to break, and if this program does work the way it says it does, then the EFS encryption isn't worth beans. I mention it only because of a reference to it in PC Magazine.

The freebie version will decrypt a half-kilobyte without any payment, and since the file only contained a list of passwords, I was able to recover all but three (which I remember). What was really disturbing, however, is that it cracked the file in SECONDS, even without the matching key on the system. I'd thought that EFS was useful on an NTFS filesystem, but if cracking it is this easy, I don't know that I'm even going to bother with it again (I'll probably just keep the file on my USB fob from now on).

I wonder what encryption method EFS uses...ROT13?

Well, it might surprise me a little, but not a lot. There are a few so-called security measures MS uses that can be completely bypassed by booting a Linux system from the CD and running the appropriate program. I also lost my password to a Word document I saved years ago. I thought the thing was lost then ran across a tiny, maybe 20k, program that broke that password in less time than it took me to realize the program was finished running.

Anyway, I'm glad it helped some, and I'm also sorry. :-)

If you just want to encrypt files, get PGP. (I'd personally recommend the OpenSource version GnuPG, but it is less convenient to use for things like this if that is important to you. You have to use the command line from a DOS shell.) The free version of this allows you to encrypt individual files, and it won't be tied even to a particular OS. Just make sure you do backup your keys because it is definitely not easy to break.

If you get PGP, you need the trial version. After 30 days, it no longer will automatically encrypt e-mail, but the file encryption part still works, and you can still decrypt anything for which you have the proper keys.