Extra-Secure EFS

By default, the Encrypting File System (EFS) feature uses DESX as its encryption algorithm, but this is no longer as secure as it once was given recent advances in cryptanalysis. You can make EFS even more secure however on Windows XP computers by using 3DES, and this can be configured using the following Group Policy setting:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

This will cause XP to use 3DES instead of DESX for EFS encryption. Note that this setting is not needed for Windows Server 2003 computers which use AES by default for EFS.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top