Re: How DPAPI decrypts the protected data when master key is deleted from machine?
- From: "John Banes" <jabanes@xxxxxxxxxxx>
- Date: Sun, 26 Aug 2007 16:10:13 -0700
Answers in-line.
"brijesh mishra" <mishra.brijesh@xxxxxxxxx> wrote in message
news:1187905075.230691.273950@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I wonder how DPAPI finds the master key when you delete or renameI can think of a couple of possibilities.
%USERPROFILE%\Application Data\Microsoft\Protect folder.
The master key is stored in User's profile along with Credential
History file at %USERPROFILE%\Application Data\Microsoft\Protect
folder. CredHist is located at the root of this folder and the master
key inside the subfolder names as the user's SID.
After renaming or deleting this ProtectFolder, CryptUnProtectData
method still decrypts your blob.
HOW IS THIS POSSIBLE? FROM WHERE MASTER KEY IS RETRIEVED for
decryption?
1. Master keys are cached in memory, so you'll need to reboot after renaming
or deleting the Protect folder.
2. For domain user accounts, master keys are backed up on the user's DC and
so the CryptUnprotectData function may just be calling over to the DC to get
the necessary key.
Note that the CREDHIST file is only used for local accounts. Domain accounts
Also since Credential History is encrypted with password and contains
old password, it ought to be a big security hole in DPAPI
implementation unless the documentation is stating something that is
not TRUE.
use backups on the DC instead.
If you are able to hack the system and obtain the user's plaintext password
DPAPI documentation says "the system keeps a "Credential History" file
in the user's profile directory. When a user changes his or her
password, the old password is added to the top of this file and then
the file is encrypted by the new password. If necessary, DPAPI will
use the current password to decrypt the "Credential History" file and
try the old password to decrypt the MasterKey. If this fails, the old
password is used to again decrypt the "Credential History" file and
the next previous password is then tried. This continues until the
MasterKey is successfully decrypted"
This means I simply have to hack into either SAM DB or PASSWORD cache
and I will be able to breach the MASTER key security.
then you can do anything you want, including decrypting the user's DPAPI
data. I wouldn't call this a security hole. If all you have is the user's
NTOWF, then this won't help you as the CREDHIST file encryption uses a
different password derivation.
Hello experts, can you please explain my concerns?
.
- References:
- How DPAPI decrypts the protected data when master key is deleted from machine?
- From: brijesh mishra
- How DPAPI decrypts the protected data when master key is deleted from machine?
- Prev by Date: Re: Problems when opening an encrypted e-mail with my CSP
- Next by Date: Re: SSPI and Crypto
- Previous by thread: How DPAPI decrypts the protected data when master key is deleted from machine?
- Next by thread: How DPAPI decrypts the protected data when master key is deleted from machine?
- Index(es):
Relevant Pages
|
