Revision as of 09:19, 13 August 2010 edit 212.44.26.236 (talk) fixed a typo ← Previous edit		Revision as of 21:41, 22 September 2010 edit undo 18.208.1.243 (talk) DPAPIck has a capital I Next edit →
Line 5: The [[DPAPI]] keys used for encrypting the user's RSA keys are stored under "%USERPROFILE%\Application Data\Microsoft\Protect\{[[Security Identifier\|SID]]}" [[Windows XP]] or before, and in "%USERPROFILE%\AppData\Roaming\Microsoft\Protect\{[[Security Identifier\|SID]]}" in [[Windows Vista]] or later, where {[[Security Identifier\|SID]]} is the security identifier of that user. The DPAPI key is stored in the same file as the master key that protects the users private keys. It usually is 64 bytes of random data. Though the [[DPAPI]] internals are largely undocumented by Microsoft, [[Elie Bursztein]] and [[Jean-Michel Picod]] presented an analysis of the protocol titled, ''Reversing DPAPI and Stealing Windows Secrets Offline'' at [http://www.blackhat.com/html/bh-dc-10/bh-dc-10-briefings.html Black Hat DC 2010]. In addition to their briefing, Bursztein and Picod released [http://www.dpapick.com ~~DPAPick~~DPAPIck] which allows offline decryption of data encrypted with [[DPAPI]]. ==Security properties==

Data Protection API: Difference between revisions