Extra-Secure EFS

by Mitch Tulloch [Published on 29 Aug. 2006 / Last Updated on 29 Aug. 2006]

How to increase EFS security on Windows XP.

By default, the Encrypting File System (EFS) feature uses DESX as its encryption algorithm, but this is no longer as secure as it once was given recent advances in cryptanalysis. You can make EFS even more secure however on Windows XP computers by using 3DES, and this can be configured using the following Group Policy setting:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

This will cause XP to use 3DES instead of DESX for EFS encryption. Note that this setting is not needed for Windows Server 2003 computers which use AES by default for EFS.

See Also

Featured Links