Say, if I used CryptProtectData API without using the CRYPTPROTECT_LOCAL_MACHINE flag to scramble some data from the code running under an administrative Windows user account. Pretty much like it's shown here except the API will be called as such:

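```c
CryptProtectData(&DataIn,            // pDataIn: plaintext blob
     NULL,                           // szDataDescr: no description
     NULL,                           // pOptionalEntropy: none supplied
     NULL,                           // pvReserved
     NULL,                           // pPromptStruct: no prompt
     CRYPTPROTECT_UI_FORBIDDEN,      // dwFlags: user scope, CRYPTPROTECT_LOCAL_MACHINE not set
     &DataOut);                      // pDataOut: receives the protected blob
```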

And then saved the resulting cipher text in the System Registry.

My question is, how easy would it be for someone who is not logged in under that same administrative user account to decode my scrambled message?

c00000fd
  • Without the same login credentials they would most likely need to brute-force the encryption, and how easy that is depends entirely on which encryption algorithm the function uses. This doesn't seem to be documented anywhere from what I can tell. – Jonathan Potter Jun 25 '16 at 22:16
  • @JonathanPotter: Thank you. The MSDN page states that the `function creates a session key` for encryption but it doesn't mention more details. If it uses just a user SID and some other static info for that machine, it would be fairly easy for anyone to obtain those w/o logging in as administrator who did the encryption. Anyway, I was hoping Microsoft provided more details that I somehow missed... – c00000fd Jun 25 '16 at 22:25

0 Answers
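The round trip described in the question, as an added example that is not part of the original post: it uses the .NET `ProtectedData` wrapper around DPAPI from Windows PowerShell, where `CurrentUser` scope corresponds to calling `CryptProtectData` without `CRYPTPROTECT_LOCAL_MACHINE`. The registry path, value name and sample strings are hypothetical, and unlike the question's call it also passes optional entropy, to show that unprotecting then requires the same entropy.

```powershell
# Added example, assuming Windows PowerShell 5.1. Key path, value name and
# sample strings are constructed for illustration only.
Add-Type -AssemblyName System.Security

$scope     = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$keyPath   = 'HKCU:\Software\ExampleApp'   # hypothetical registry key
$valueName = 'ProtectedBlob'               # hypothetical value name

$plain   = [System.Text.Encoding]::UTF8.GetBytes('constructed sample secret')
$entropy = [System.Text.Encoding]::UTF8.GetBytes('constructed app-specific entropy')

# Protect under the calling user's scope (no LOCAL_MACHINE flag).
$blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $entropy, $scope)

# Store the protected blob as a REG_BINARY value.
New-Item -Path $keyPath -Force | Out-Null
New-ItemProperty -Path $keyPath -Name $valueName -Value $blob `
    -PropertyType Binary -Force | Out-Null

# Read it back and unprotect as the same user with the same entropy.
$stored    = [byte[]](Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
$roundTrip = [System.Security.Cryptography.ProtectedData]::Unprotect($stored, $entropy, $scope)
$recovered = [System.Text.Encoding]::UTF8.GetString($roundTrip)
"Round trip ok: $($recovered -eq 'constructed sample secret')"

# The same user without the entropy cannot unprotect the blob.
try {
    [System.Security.Cryptography.ProtectedData]::Unprotect($stored, $null, $scope) | Out-Null
    'Unexpected: blob unprotected without the entropy'
} catch {
    "Unprotect without entropy failed: $($_.Exception.Message)"
}

# Clean up the hypothetical key.
Remove-Item -Path $keyPath -Recurse -Force
```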