Content deleted Content added
No edit summary |
Nsjlcuwdbcc (talk | contribs) m added hyperlinks |
||
Line 6:
==Security properties==
DPAPI doesn't store any persistent data for itself; instead, it simply receives [[plaintext]] and returns [[ciphertext]] (or vice versa).
DPAPI security relies upon the Windows operating system's ability to protect the Master Key and [[RSA (algorithm)|RSA]] private keys from compromise, which in most attack scenarios is most highly reliant on the security of the end user's credentials. A main encryption/decryption key is derived from user's password by [[PBKDF2]] function.<ref>{{cite web|title=Windows Password Recovery - DPAPI Master Key analysis|url=http://www.passcape.com/windows_password_recovery_dpapi_master_key|website=Passcape.com|accessdate=2013-05-06}}</ref> Particular data [[binary large object]]s can be encrypted in a way that [[Salt (cryptography)|salt]] is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option - i.e. under the control of the application developer - and is not controllable by the end user or system administrator.
| |||