Data Protection API: Difference between revisions

No edit summary
m Security properties: Typo fixing, replaced: vice-versa → vice versa using AWB
==Security properties==
DPAPI doesn't store any persistent data for itself; instead, it simply receives plaintext and returns ciphertext (or vice versa).
 
DPAPI security relies upon the Windows operating system's ability to protect the Master Key and [[RSA (algorithm)|RSA]] private keys from compromise, which in most attack scenarios depends chiefly on the security of the end user's credentials. The main encryption/decryption key is derived from the user's password using the PBKDF2 function.<ref>{{cite web|title=Windows Password Recovery - DPAPI Master Key analysis|url=http://www.passcape.com/windows_password_recovery_dpapi_master_key|accessdate=2013-05-06}}</ref> Particular data [[binary large object]]s can be encrypted in such a way that a [[Salt (cryptography)|salt]] is added and/or an external user-prompted password (also known as "Strong Key Protection") is required. The use of a salt is a per-implementation option, i.e. under the control of the application developer, and is not controllable by the end user or system administrator.
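The following is an added example, not part of the article, illustrating the developer-controlled salt described above: DPAPI exposes it as "optional entropy", and a blob protected with it cannot be unprotected by the same user without supplying the same value. It uses the .NET `ProtectedData` wrapper around `CryptProtectData`/`CryptUnprotectData`; the function names, the entropy string and the sample secret are constructed for the example, and it runs only on Windows under the logged-on user's master key.

```powershell
# Added example (not from the article): DPAPI round-trip with and without
# application-supplied entropy (the "salt" the developer controls).
# Windows only: key material comes from the current user's DPAPI master key.
Add-Type -AssemblyName System.Security

function Protect-WithDpapi {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Plaintext,
        [byte[]] $Entropy = $null,                 # DPAPI "optional entropy"
        [System.Security.Cryptography.DataProtectionScope] $Scope = 'CurrentUser'
    )
    $bytes = [Text.Encoding]::UTF8.GetBytes($Plaintext)
    return [System.Security.Cryptography.ProtectedData]::Protect($bytes, $Entropy, $Scope)
}

function Unprotect-WithDpapi {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [byte[]] $Blob,
        [byte[]] $Entropy = $null,
        [System.Security.Cryptography.DataProtectionScope] $Scope = 'CurrentUser'
    )
    $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $Scope)
    return [Text.Encoding]::UTF8.GetString($bytes)
}

# Constructed sample input: an application secret and an app-chosen entropy value.
$secret  = 'example-db-password'
$entropy = [Text.Encoding]::UTF8.GetBytes('app-specific-entropy-value')

$blob = Protect-WithDpapi -Plaintext $secret -Entropy $entropy
"Protected blob: $($blob.Length) bytes for a $($secret.Length)-byte secret"

# Same user, correct entropy: the blob decrypts back to the original secret.
$recovered = Unprotect-WithDpapi -Blob $blob -Entropy $entropy
"Round-trip OK: $($recovered -eq $secret)"

# Same user, entropy omitted: the master key is available, yet unprotect fails,
# because the entropy is mixed into the key derivation for this blob.
try {
    Unprotect-WithDpapi -Blob $blob | Out-Null
    "Unexpected: blob decrypted without entropy"
} catch {
    "Unprotect without entropy failed as expected: $($_.Exception.GetBaseException().Message)"
}
```

Switching `$Scope` to `LocalMachine` ties the blob to the machine's master key instead of the user's, which is why the user's credentials (and the PBKDF2-derived key they yield) are the usual weak point only for `CurrentUser` blobs.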