Re:WRONG! (Score 1)

If you follow the Best Practice Guide for EFS and export this recovery key immediately after install, you can avoid this little problem. As far as the key being stored on the same system, it is protected by 5 layers of encryption. Changing the password of the user, changing domain membership of the machine, or reinstalling the OS obliterates the original key. EFS in Windows 2000 uses DESX for encryption. 3DES is available in Windows XP. You should define dedicated cryptanalysis. Given enough time and cycles, any cipher can be cracked. You're security guy is either a genius or vastly overpaid.