How secure is NTFS encryption?

How secure is the data in an encrypted NTFS folder on Windows (XP, 7)?

What is EFS?

Folders on NTFS are encrypted with a specialized subset of NTFS called the Encrypting File System (EFS). EFS is file-level encryption within NTFS. The folder is actually a specialized type of file which applies the same key to all files within the folder. NTFS on-disk format 3.1 was released with Windows XP. Windows 7 uses the same NTFS on-disk format. However, the NTFS driver has gone from 5.1 on Windows XP to 6.1 on Windows 7. The bits on the disk have not changed, but the protocol for processing the bits to and from the disk has added features in Windows 7.

What algorithm does it use?

Windows XP (no service pack): DES-X (default), Triple DES (available)

Windows XP SP1 - Windows Server 2008: AES-256 symmetric (default), DES-X (available), Triple DES (available)

Windows 7, Windows Server 2008 R2: "mixed-mode" operation of ECC and RSA algorithm

What key size does it use?

Windows XP and Windows 2003: 1024 bits

Windows Server 2003: 1024 bits (default), 2048 bits, 4096 bits, 8192 bits, 16384 bits

Windows Server 2008: 2048 bits (default), 1024 bits, 4096 bits, 8192 bits, 16384 bits

Windows 7, Windows Server 2008 R2 for ECC: 256 bits (default), 384 bits, 512 bits

Windows 7, Windows Server 2008 R2 for AES, DES-X, Triple DES: RSA 1024 bits (default), 2048 bits, 4096 bits, 8192 bits, 16384 bits

How is the encryption key protected?

The File Encryption Key (FEK) is encrypted with the user's RSA public key and attached to the encrypted file.

How is the user's RSA private key protected?

The user's RSA private key is encrypted using a hash of the user's NTLM password hash plus the user name.

How is the user's password protected?

The user's password is hashed and stored in the SAM file.

So, if an attacker can get a copy of the SAM file, they may be able to discover the user's password with a rainbow table attack.

Given the username and password, an attacker can decrypt the RSA private key. With the RSA private key, the attacker can decrypt any FEK stored with any encrypted file and decrypt the file.

So...

The contents of the encrypted folder are as secure as the user's password.

If the user uses a decent password, can this data be decrypted (easily?) if it, say, resides on a laptop and that is stolen?

Probably not by an adversary with a typical personal computer. However, given sufficient resources, like a GPU or FPGA password cracking system, EFS data may be vulnerable within a short period.

A random 12-character (upper, lower and symbol) password may hold out for weeks or months against a password cracking system. See "Power of Graphics Processing Units May Threaten Password Security". A significantly longer password may hold out for years or decades.
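The key chain described in the answer above (password → private key → per-file FEK → file contents), modelled as an added example that is not part of the answer and not Windows' own EFS or DPAPI code. It uses only the Python standard library, so two stand-ins are assumptions: an HMAC-SHA256 counter-mode keystream replaces both AES-256 for file data and the RSA wrapping of the FEK (one symmetric "private key" plays both halves of the key pair), and when the local OpenSSL build has no MD4 the NTLM hash is replaced by truncated SHA-256. The key-encryption key is derived exactly as the answer states (a hash of the NTLM hash plus the user name), which is why the offline attack in offline_crack only needs a stolen profile blob, the encrypted file and a wordlist; the user name, password and file text are constructed sample data.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def ntlm_hash(password):
    """NTLM = MD4 over the UTF-16LE password. Assumption: if this OpenSSL build has no
    MD4, truncated SHA-256 stands in so the model still runs; the chain is unchanged."""
    data = password.encode("utf-16-le")
    try:
        return hashlib.new("md4", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()[:16]


def stream_xor(key, data):
    """Toy HMAC-SHA256 counter-mode keystream (assumed stand-in for AES-256 and for the
    RSA wrap of the FEK). XOR is its own inverse, so this both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        keystream = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], keystream))
    return bytes(out)


def wrap(kek, secret):
    """Encrypt-then-MAC, so a wrong key is detected rather than yielding garbage."""
    ct = stream_xor(kek, secret)
    return ct, hmac.new(kek, ct, hashlib.sha256).digest()


def unwrap(kek, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest()):
        return None
    return stream_xor(kek, ct)


def user_kek(username, nt_hash):
    """Key that protects the user's private key, as the answer describes it: a hash of
    the NTLM password hash plus the user name. Note it needs the hash, not the password."""
    return hashlib.sha256(nt_hash + username.lower().encode("utf-16-le")).digest()


@dataclass
class UserProfile:
    username: str
    wrapped_private_key: bytes  # what a thief finds on disk
    key_tag: bytes


@dataclass
class EncryptedFile:
    ciphertext: bytes
    wrapped_fek: bytes  # analogue of the FEK entry stored with the file
    fek_tag: bytes


def create_user(username, password):
    private_key = secrets.token_bytes(32)  # stand-in for the RSA private key (assumption)
    ct, tag = wrap(user_kek(username, ntlm_hash(password)), private_key)
    return private_key, UserProfile(username, ct, tag)


def efs_encrypt(plaintext, user_private_key):
    fek = secrets.token_bytes(32)  # AES-256-sized per-file key
    ct, tag = wrap(user_private_key, fek)
    return EncryptedFile(stream_xor(fek, plaintext), ct, tag)


def efs_decrypt(f, user_private_key):
    fek = unwrap(user_private_key, f.wrapped_fek, f.fek_tag)
    return None if fek is None else stream_xor(fek, f.ciphertext)


def offline_crack(profile, f, wordlist):
    """Stolen-laptop attacker: profile blob plus encrypted file, no running system.
    A candidate whose derived KEK validates the private-key MAC is the password."""
    for candidate in wordlist:
        kek = user_kek(profile.username, ntlm_hash(candidate))
        private_key = unwrap(kek, profile.wrapped_private_key, profile.key_tag)
        if private_key is not None:
            return candidate, efs_decrypt(f, private_key)
    return None, None


def demo():
    # Constructed sample: weak password, short wordlist, one encrypted file.
    private_key, profile = create_user("alice", "il0veu")
    f = efs_encrypt(b"quarterly numbers: not for release", private_key)
    wordlist = ["password", "letmein", "il0veu", "7XhqL3w0,DBC1y"]
    return offline_crack(profile, f, wordlist)


if __name__ == "__main__":
    password, plaintext = demo()
    print(password, plaintext)
```

The same loop over a large wordlist or a GPU-style brute force is what the cracking-time estimates above are about: nothing in the chain stops an offline guess except the cost of each user_kek derivation and the size of the password space.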


It is exactly as secure as the weakest password for any account that can access the file. If that password is "7XhqL3w0,DBC1y" it's practically invulnerable. If it's "il0veu", it might as well not be encrypted at all.