RE: Encryption Key Question

From: Simon Zuckerbraun (szucker_at_sst-pr-1.com)
Date: 03/03/05

  • Next message: David Heise: "Re: Encryption Key Question"
    Date: Thu, 03 Mar 2005 14:10:06 -0600
    To: zaven@sonic.net, dheise@gmail.com, security-basics@securityfocus.com
    
    

    David: If I'm understanding you correctly, you have the following
    situation: An application, running on behalf of a particular user, has a
    piece of sensitive data that must be stored on the local computer. You
    are looking for a way to encrypt that data before storing it, so only
    that user will be able to access the data. Any other individual who gets
    access to the machine will not be able to access the data.

    Some operating systems have a facility for performing exactly that task.
    In Windows, this is known as DPAPI.

    Zaven: Here's a very quick explanation of how DPAPI works in Windows.
    For each user in the system, Windows generates a random "master key"
    used to encrypt the user's secrets. The master key is stored as part of
    the user's profile, encrypted with a key that is derived from the user's
    password. Unless the user is logged on to the system with the proper
    password, the master key can not be decrypted. (Warning! This is a bit
    oversimplified, as I am about to explain...)

    Enormous complications result from the fact that we need to be able to
    deal with password changes and resets. If the user forgets his password
    and an administrator forcibly resets it to a different string, there has
    to be some way for the user to regain access to his master key (which
    sits encrypted using the original password). Microsoft went to great
    lengths to ensure a proper balance between security and reliable means
    of recovery in the case of such interruptions in normal operations. In
    practice, the effectiveness of DPAPI depends on certain details of how
    the machine is configured; high-security configurations are achievable.

    I could go on and on about this. It's a topic that never ceases to
    facinate me.

    Lots can go wrong. Apply Keychain Manager was found to have a bad
    security hole (http://seclists.org/lists/bugtraq/2004/Jul/0166.html). I
    don't know the current status of that issue.

    David: You will find out - either that, or you've already found out -
    that there are no universal solutions in security. Every proposed
    solution has to be carefully evaluated to ensure that it accurately
    addresses the threats that are relevant. So I need to add this word of
    caution: I'm not telling you for sure that DPAPI (or the equivalent on
    another OS) is necessarily the appropriate solution to the problem you
    are working on. That's something that can only be decided after a
    careful, holistic study of the environment in which your system will
    operate, and the potential threats that need to be defended against.

    Simon

    > -----Original Message-----
    > From: Zaven [mailto:zaven@sonic.net]
    > Sent: Wednesday, March 02, 2005 11:21 PM
    > To: David Heise; security-basics@securityfocus.com
    > Subject: Re: Encryption Key Question
    >
    >
    > David Heise wrote:
    >
    >> Here's my question:
    >> What is the best method of storing this passphrase internally in the
    >> application such that it would be as secure as possible?
    >
    > AFAIK, you can't store the passphrase anywhere securely. You should
    > think in terms of requiring the user/other process/whatever to input the
    > passphrase in to authenticate, and then storing only the hash digest.
    >
    > If anyone knows how (e.g., Apple Keychain Manager) manages to diaplat
    > the plaintext of stored passwords, I'd like to know, because it makes me
    > nervous :)
    >
    > Zaven


  • Next message: David Heise: "Re: Encryption Key Question"

    Relevant Pages

    • Re: Encryption Key Question
      ... Here's a very quick explanation of how DPAPI works in Windows. ... > used to encrypt the user's secrets. ... the master key can not be decrypted. ... > that there are no universal solutions in security. ...
      (Security-Basics)
    • Re: CryptAcquireContext returns NTE_BAD_KEY_STATE?
      ... The Microsoft software CSPs encrypt the private keys using DPAPI ... which encrypts this using a master key. ...
      (microsoft.public.platformsdk.security)
    • Re: Back Doors
      ... >> Design into the system a master key. ... Encrypt that with public key. ... Decrypt random symmetric key with private key. ...
      (sci.crypt)
    • Security log Error 596
      ... when I go to request a certificate I ... > Backup of data protection master key. ... DPAPI is used to encrypt secrets (like EFS encryption ... domain recovery key. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: secrets of the EFS key pair maker
      ... DPAPI doesn't use the password when it generates ... encrypt master key with key-from-password; ... generate symmetric FEK ...
      (microsoft.public.windowsxp.security_admin)