Re: DPAPI
From: Michel Gallant (neutron_at_istar.ca)
Date: 05/26/05
Date: Thu, 26 May 2005 09:00:46 -0400
Yes, all users on that machine can decrypt the DPAPI encrypted data if you use
the CRYPTPROTECT_LOCAL_MACHINE flag.
You should therefore ALSO consider adding ACL control to the encrypted data,
and you might also want to add additional pOptionalEntropy password protection.
See also Writing Secure Code, 2nd Edn. p. 306 pp
- Mitch Gallant
MVP Security
"Johan" <johan@home.se> wrote in message news:d74e0d$iuu$1@ulric.tng.de...
> Hi,
> How does the DPAPI work when using machinestore? Do all users on the
> machine have access to the encrypted data?
> Or is it possible to set an access list?
>
> Johan
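
The three controls named in the reply above (machine scope, an ACL on the stored blob, optional entropy) combined, as an added example that is not part of the original post. It assumes Windows PowerShell in an elevated session on an English-language system; the directory, service account and sample values are hypothetical, and .NET's `ProtectedData` class is used in place of the native `CryptProtectData` call, with `DataProtectionScope.LocalMachine` playing the role of `CRYPTPROTECT_LOCAL_MACHINE`.

```powershell
# Added example: machine-scope DPAPI + restrictive ACL + optional entropy.
Add-Type -AssemblyName System.Security
$dp      = [System.Security.Cryptography.ProtectedData]
$scope   = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$dir     = Join-Path $env:ProgramData 'ExampleApp'      # hypothetical location
$account = 'NT AUTHORITY\NETWORK SERVICE'               # hypothetical service identity

# Constructed sample inputs. The passphrase must come from somewhere other users
# cannot read; stored next to the blob it adds no protection.
$secret  = [Text.Encoding]::UTF8.GetBytes('constructed sample secret')
$entropy = [Text.Encoding]::UTF8.GetBytes('constructed sample passphrase')

# 1. Lock down the directory BEFORE writing, so the blob is never readable by
#    everyone: drop inherited ACEs, then grant only the identities that need access.
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $false)   # protected DACL, discard inherited rules
foreach ($r in @($acl.Access)) { [void]$acl.RemoveAccessRule($r) }
$grants = @{ 'BUILTIN\Administrators' = 'FullControl'
             'NT AUTHORITY\SYSTEM'    = 'FullControl'
             $account                 = 'Read' }
foreach ($id in $grants.Keys) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $id, $grants[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $dir -AclObject $acl

# 2. Encrypt with machine scope. Any account on this machine that can read the
#    blob AND supply the entropy can decrypt it.
$path = Join-Path $dir 'secret.bin'
$blob = $dp::Protect($secret, $entropy, $scope)
[IO.File]::WriteAllBytes($path, $blob)

# 3. Decrypt with the correct entropy.
$plain = $dp::Unprotect([IO.File]::ReadAllBytes($path), $entropy, $scope)
[Text.Encoding]::UTF8.GetString($plain)

# 4. Decryption with different entropy is rejected.
try {
    [void]$dp::Unprotect($blob, [byte[]](1, 2, 3), $scope)
    'unexpected: decrypted without the correct entropy'
} catch {
    "Unprotect failed as expected: $($_.Exception.Message)"
}
```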