Revision as of 15:28, 4 July 2013 edit Frap (talk \| contribs) Extended confirmed users, File movers, Pending changes reviewers, Rollbackers 35,587 edits →Use of DPAPI by Microsoft Products ← Previous edit		Revision as of 21:45, 30 January 2014 edit undo 86.128.50.60 (talk) bad comma Next edit →
Line 5: The [[DPAPI]] keys used for encrypting the user's RSA keys are stored under "%APPDATA%\Microsoft\Protect\{[[Security Identifier\|SID]]}", where {[[Security Identifier\|SID]]} is the security identifier of that user. The DPAPI key is stored in the same file as the master key that protects the users private keys. It usually is 64 bytes of random data. Though the [[DPAPI]] internals are largely undocumented by Microsoft, [[Elie Bursztein]] and [[Jean-Michel Picod]] presented an analysis of the protocol titled, ''Reversing DPAPI and Stealing Windows Secrets Offline'' at [http://www.blackhat.com/html/bh-dc-10/bh-dc-10-briefings.html Black Hat DC 2010]. In addition to their briefing, Bursztein and Picod released [http://www.dpapick.com DPAPIck] which allows offline decryption of data encrypted with [[DPAPI]]. ==Security properties==

Data Protection API: Difference between revisions