EFS security relies on public/private key pair which is stored on local computer. Windows protects all private keys by encrypting them through Protected Storage service. Protected Storage encrypts all private keys with Session Key, derived from 512 bit Master Key, and stores them in %User Profile%\Application Data\Microsoft\Crypto\RSA\User SID. The Master Key is encrypted by Master Key Encryption Key, which is derived from user password by using a Password Based Key Derivation Function and stored in %User Profile%\Application Data\Microsoft\Protect\User SID. Despite the efforts Windows takes to protect keys, the fact, that all information is stored on local computer, gives an attacker, who's got an access to hard drive, a chance to figure out keys and use them to decrypt protected data. The overall security could be significantly enhanced by encrypting private keys with System Key. The syskey.exe utility can be used to store System Key on a floppy disk and remove it from computer. In this case user must insert a diskette with System Key when computer boots up. Nevertheless, this method should be taken with precautions since if key diskette is lost, there's no way to get access to computer.