Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / New Users / September 2004

Tip: Looking for answers? Try searching our database.

CryptProtectData key.

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
RockinFewl - 06 Sep 2004 21:56 GMT
Hi all,

I'm considering to use the Data Protection API CryptProtectData, with
the flag set for CRYPTPROTECT_LOCAL_MACHINE.

The documentation says this "associates the data encrypted with the
current computer instead of with an individual user".

On what computer characteristics is the secret key (?) based then? What
computer modification may break it? Or is it possible to obtain the same
key on another computer somehow (reasonably mimiced hardware, with a
ghosted OS perhaps?)

Thanks heaps,
Koen.

Signature

Notice: Remove packaging material from e-mail address before use.

Reply to this Message
David Cross [MS] - 07 Sep 2004 01:57 GMT
This article may help to answer some of your questions:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/w
indataprotection-dpapi.asp

Signature

David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

> Hi all,
>
[quoted text clipped - 11 lines]
> Thanks heaps,
> Koen.
Reply to this Message
RockinFewl - 07 Sep 2004 09:33 GMT
> This article may help to answer some of your questions:
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/w
indataprotection-dpapi.asp

Thanks for this information David --

However, it isn't entirely clear yet how the CryptProtectData /
CryptUnprotectData algorithm works when it's bound to the machine only
-- for the most part the document assumes user credentials to base keys
on, but in my case assuming fixed logons is not an option.

More specifically, I'm afraid that it's too easy to set up a ghosted
machine and then successfully decrypt data that was encrypted on the
original machine.  Just this morning this was proved by a little
experiment (and yeah, getting the ghosted WinXP it to work all the way
was a pain, but then, we're not sysadmins really).

Is this expected behaviour, or is my understanding not correct?

Thanks again,

Koen.

Signature

Notice: Remove all packaging [from e-mail address] before use.

Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.