Re: CryptProtectData key.

From: Robert Gu [MSFT] (robertg_at_online.microsoft.com)
Date: 09/08/04


Date: Tue, 7 Sep 2004 22:41:51 -0700

You should not use the machine key for any sensitive data. It is not very
secure. Any admin could get the data easily.

-- 
This posting is provided "AS IS" with no warranties, and
confers no rights.
"lelteto" <lelteto@discussions.microsoft.com> wrote in message
news:E937275F-6DB9-4BC6-A265-FFCBE26F0179@microsoft.com...
> Yes, it is expected that if you protect data with the machine key then
> restoring the machine Registry and key store will allow anyone (who can
> log in) to use that machine key and decrypt your data. The problem, of
> course, is that it's relatively easy to "take over" a Registry if you have
> physical access - so if your computer image is duplicated your data could
> be recovered.
> You can use instead the user key (which would ultimately be protected by
> the user password) - but then it's available to that user only.
> You can derive your encryption key from a password - which you would need
> to share among users.
> Or you can set up your own key management scheme - but it's hard to do it
> correctly.
>
> If you worry about cloning and physical access then you should not use
> machine keys.
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "RockinFewl" wrote:
>
> > David Cross [MS] wrote:
> >
> > > This article may help to answer some of your questions:
> > >
> > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp
> > >
> >
> > Thanks for this information David --
> >
> > However, it isn't entirely clear yet how the CryptProtectData /
> > CryptUnprotectData algorithm works when it's bound to the machine only
> > -- for the most part the document assumes user credentials to base keys
> > on, but in my case assuming fixed logons is not an option.
> >
> > More specifically, I'm afraid that it's too easy to set up a ghosted
> > machine and then successfully decrypt data that was encrypted on the
> > original machine.  Just this morning this was proved by a little
> > experiment (and yeah, getting the ghosted WinXP to work all the way
> > was a pain, but then, we're not sysadmins really).
> >
> > Is this expected behaviour, or is my understanding not correct?
> >
> > Thanks again,
> >
> > Koen.
> >
> > -- 
> > Notice: Remove all packaging [from e-mail address] before use.
> >
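An added example, not posted by anyone in this thread: the three DPAPI options discussed above (machine key, user key, and a password-derived secret that is not stored on the machine) shown through .NET's ProtectedData wrapper over CryptProtectData / CryptUnprotectData. It assumes Windows PowerShell 5.1 on Windows; the secret and entropy strings are constructed placeholders.

```powershell
# Added example: compare DPAPI protection scopes. ProtectedData is the managed
# wrapper over CryptProtectData / CryptUnprotectData (assumes Windows PowerShell 5.1).
Add-Type -AssemblyName System.Security

$plaintext = [System.Text.Encoding]::UTF8.GetBytes('db-password-example')  # constructed sample secret

# 1. LocalMachine scope: the key lives in the machine's key store, so any caller
#    on this machine, or on a cloned image that carries the same key store,
#    can unprotect the blob. This is the risk the thread describes.
$machineBlob = [System.Security.Cryptography.ProtectedData]::Protect(
    $plaintext, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)

# 2. CurrentUser scope: bound to the calling user's master key, which is in turn
#    protected by that user's logon password. Other users cannot unprotect it,
#    but neither can a service running under a different account.
$userBlob = [System.Security.Cryptography.ProtectedData]::Protect(
    $plaintext, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)

# 3. LocalMachine scope plus optional entropy: a secret mixed into the key that
#    is NOT stored in the registry or key store (for example derived from a
#    password shared with the application). Cloning the image alone no longer
#    yields the plaintext; the entropy must also be obtained.
$entropy = [System.Text.Encoding]::UTF8.GetBytes('shared-deployment-secret')  # constructed; keep off the image
$machineEntropyBlob = [System.Security.Cryptography.ProtectedData]::Protect(
    $plaintext, $entropy, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)

# Unprotect a blob and report the outcome instead of throwing.
function Unprotect-OrReport(
    [byte[]]$blob,
    [byte[]]$entropy,
    [System.Security.Cryptography.DataProtectionScope]$scope) {
    try {
        $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $entropy, $scope)
        return [System.Text.Encoding]::UTF8.GetString($bytes)
    } catch [System.Security.Cryptography.CryptographicException] {
        return "FAILED: $($_.Exception.Message)"
    }
}

Unprotect-OrReport $machineBlob $null LocalMachine             # succeeds for any local caller
Unprotect-OrReport $userBlob $null CurrentUser                 # succeeds only as the protecting user
Unprotect-OrReport $machineEntropyBlob $null LocalMachine      # FAILED: entropy missing
Unprotect-OrReport $machineEntropyBlob $entropy LocalMachine   # succeeds: key store plus entropy
```

Run the last block as a second local user (or on a restored image) to see which blobs remain readable; only the entropy-protected one depends on a secret outside the key store.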
