question isn't so much a research question as it is a technical one,
and in full disclosure, it comes from the editor and not a
subscriber. I regularly encrypt sensitive files on my Windows XP Pro
computer using Windows encryption as just one method of securing
information on it. I travel a lot and I use my own laptop in the
I also run an automatic
backup program by Iomega, which copies my files to an external hard
drive (or a temporary cache if I'm traveling) at frequent intervals.
Recently, I noticed that it copies the encrypted files without
retaining the encryption. Does anyone know if the mere act of
copying a file encrypted with Windows in effect decrypts the file?
Is this perhaps the unintended consequence of copying the file to a
non-NTFS file system or FAT32 drive? If so, what does this say about
the security of Windows encryption?
Robert McComber: To answer the
writer's question, the act of copying the file does remove the
encryption. Windows File System encryption is tied to both NTFS and
generally to the presence of Active Directory. It is also important
to keep in mind that Windows File Encryption, by virtue of this
process, does not protect the file in transit;
i.e., when it is being moved between two
machines across the network, it is not encrypted. If the Windows
File System encryption is used on a corporate Active Directory
domain, the administrators can open the files, though it does
require some effort.
If the writer is
interested in a file encryption or drive encryption solution that
protects the information both in transit and at rest, they should
consider a standalone file protection solution. Depending on
corporate policies, there may be an existing solution or this might
have to be setup just for the single machine. It is important to
check with IT if any company documents are going to be encrypted,
however, as there is always a risk of losing the password, in which
case the information encrypted would likewise be lost.
Some potential encryption packages include PGP Desktop Professional
9.6 (www.pgp.com) which is a
retail product and has excellent corporate integration tools, or
a standalone open-source tool available freely. I use Truecrypt
myself as it's easy to handle and very flexible.
Robert McComber is Product Security
Specialist with Telvent in Canada. Thank you, Rob, for your most