DanielPharos (talk | contribs) m →Use of DPAPI by Microsoft Products: Fixed a bad link |
m Robot: disambiguate RSA |
Line 10:
DPAPI doesn't store any persistent data for itself; instead, it simply receives plaintext and returns ciphertext (or vice-versa).
DPAPI security relies upon the Windows operating system's ability to protect the Master Key and [[RSA (algorithm)|RSA]] private keys from compromise, which in most attack scenarios is most highly reliant on the security of the end user's credentials. Particular data [[binary large object]]s can be encrypted in a way that [[Salt (cryptography)|salt]] is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option - i.e. under the control of the application developer - and is not controllable by the end user or system administrator.
Delegated access can be given to keys through the use of a [[COM+]] object. This enables [[Internet Information Services|IIS]] [[web servers]] to use DPAPI.
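Review bot: in the paragraph beginning "DPAPI security relies upon", the clause "which in most attack scenarios is most highly reliant on the security of the end user's credentials" repeats "most" and is hard to parse; consider "which in most attack scenarios depends chiefly on the security of the end user's credentials". In the same paragraph, "can be encrypted in a way that salt is added" would read more directly as "can be encrypted with an added salt", and the spaced hyphens around "i.e. under the control of the application developer" would be clearer as parentheses.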