Windows EFS Flaw?

**bartonc** · Jul 6 '07, 09:34 AM

Originally posted by trahul87

Windows EFS allows users to encrypt files which thus can be accessed only by authorized users. To allow users on other systems to access the files the certificate must be exported. But if the same encrypted files are put for sharing on DC++ (p2p client) any user can download the original unencrypted files without any need for user permissions. why is this so? is this some sort of a flaw? please help

Apparently, there are many flaws in EFS. Some of them are discussed here.

**Motoma** · Jul 6 '07, 01:18 PM

Originally posted by trahul87

Windows EFS allows users to encrypt files which thus can be accessed only by authorized users. To allow users on other systems to access the files the certificate must be exported. But if the same encrypted files are put for sharing on DC++ (p2p client) any user can download the original unencrypted files without any need for user permissions. why is this so? is this some sort of a flaw? please help

Not a flaw, this is by design.

EFS stands for Encrypted File System. The FILE SYSTEM is encrypted, not the files themselves. The encryption layer lies at the Operating System level of the application heirarchy, not the application layer. When you (an authorized user) share the files in DC++, the application has access to the file system (because you do).

Windows EFS Flaw?

Windows EFS Flaw?

Comment

Comment