
I'm looking into using Windows' Data Protection API (DPAPI) to encrypt some data. One requirement I have is to use a Dynamic Salt when encrypting values.

I have noticed through testing that if I encrypt the same string multiple times, I get a different result. This is when using the same string, a null Entropy value, and the same scope.

This makes me FEEL as though there is a dynamic salt involved already. I am not seeing any documentation stating this.

Here is the method I am calling: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.protecteddata.protect?view=netframework-4.7.2

Does DPAPI handle dynamic salting already? If not, what is causing the encrypted values to change each time?

XenoPuTtSs

1 Answer


The MasterKey, however, is not used explicitly to protect the data. Instead, a symmetric session key is generated based on the MasterKey, some random data, and any additional entropy, if an application chooses to supply it. It is this session key that is used to protect the data.

[...]

The session key is never stored. Instead, DPAPI stores the random data it used to generate the key in the opaque data BLOB. When the data BLOB is passed back in to DPAPI, the random data is used to re-derive the key and unprotect the data.

https://msdn.microsoft.com/en-us/library/ms995355.aspx

This random data included in the encrypted data acts as a salt.

The intention of the optionalEntropy parameter is to allow individual applications to protect themselves from other applications running under the same user account and is not required to increase the effectiveness of the salting already performed.

Dark Falcon
  • Isn't the MasterKey generated once, so the random data isn't different for each call to encrypt data? It seems like the SessionKey and its random data are perhaps the Dynamic Salt. Would you agree with that, or do I not understand something about MasterKey? – XenoPuTtSs Feb 15 '19 at 18:12
  • Yes, the master key is generated once, but the random data mentioned there is *part of what is encrypted and is different for every encrypt call*. That is a salt. – Dark Falcon Feb 15 '19 at 18:14
  • AHH!! It clicks now! MasterKey is used to take "Random Data + Stuff to Encrypt". The data returned by that has the "Random Data" stored with it along with the encrypted value. This returned value is called the "Protected Data BLOB". So in short, yes, DPAPI does the dynamic salting, and that is also how it is tracked! – XenoPuTtSs Feb 15 '19 at 18:17
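The construction the answer quotes, and the final comment restates, is easy to model: a long-lived master key is never applied to the data directly; every Protect call draws fresh random data, derives a one-off session key from (master key, random data, optional entropy), and stores that random data inside the returned blob so Unprotect can re-derive the same key. The following is an added, standard-library-only Python model written to illustrate that flow; it is not DPAPI's real algorithm, not .NET's `ProtectedData` code, and its primitives (an HMAC-SHA256 keystream plus an HMAC tag), the `SALT_LEN`/`TAG_LEN` sizes, and the constructed master key and messages are all choices made for the example.

```python
"""
Toy model of the DPAPI construction described in the answer:
  session_key = PRF(master_key, random_salt || optional_entropy)
  blob        = random_salt || ciphertext || tag
Added illustration only; DPAPI's real primitives and blob layout differ.
Standard library only so it runs anywhere (not just on Windows).
"""
import hashlib
import hmac
import os
import struct

SALT_LEN = 32  # bytes of per-call random data carried in the blob (constructed size)
TAG_LEN = 32   # HMAC-SHA256 tag length


def derive_session_key(master_key: bytes, salt: bytes, entropy: bytes) -> bytes:
    """Per-call key: a different salt (or different entropy) yields a different key."""
    return hmac.new(master_key, b"session-key" + salt + entropy, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC in counter mode, used as a stream cipher for the toy model."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _subkeys(session_key: bytes) -> tuple[bytes, bytes]:
    """Split the session key into independent encryption and MAC keys."""
    enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def protect(master_key: bytes, plaintext: bytes, entropy: bytes = b"") -> bytes:
    """Model of Protect: fresh random salt per call, stored in the opaque blob."""
    salt = os.urandom(SALT_LEN)                       # the "random data" from the MSDN text
    enc_key, mac_key = _subkeys(derive_session_key(master_key, salt, entropy))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag                    # the blob carries its own salt


def unprotect(master_key: bytes, blob: bytes, entropy: bytes = b"") -> bytes:
    """Model of Unprotect: read the salt back out of the blob, re-derive, verify, decrypt."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt, ciphertext, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_session_key(master_key, salt, entropy))
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong master key, wrong/missing entropy, or a modified blob all land here.
        raise ValueError("tag mismatch: wrong key/entropy or tampered blob")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, len(ciphertext))))


def demo() -> dict:
    """Reproduce the observations from the question against the model."""
    # Constructed stand-in for the per-user master key DPAPI manages for you.
    master_key = hashlib.sha256(b"constructed master key for the example").digest()
    msg = b"same secret string"

    blob1 = protect(master_key, msg)
    blob2 = protect(master_key, msg)
    results = {
        "blobs_differ": blob1 != blob2,                  # same input, different output
        "salts_differ": blob1[:SALT_LEN] != blob2[:SALT_LEN],
        "both_decrypt": unprotect(master_key, blob1) == msg
                        and unprotect(master_key, blob2) == msg,
    }

    # optionalEntropy: an application-specific secret. Another app under the same
    # user account (same master key) cannot unprotect without supplying it.
    blob3 = protect(master_key, msg, entropy=b"app-A secret")
    try:
        unprotect(master_key, blob3)
        results["entropy_enforced"] = False
    except ValueError:
        results["entropy_enforced"] = True
    results["entropy_roundtrip"] = unprotect(master_key, blob3, entropy=b"app-A secret") == msg
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running `demo()` shows the behaviour the question describes: two calls on identical input produce different blobs because the first 32 bytes (the salt) differ, yet both decrypt, because the salt travels with the ciphertext rather than being stored separately. The entropy case mirrors the answer's last paragraph: the salt already prevents identical plaintexts from producing identical blobs, so `optionalEntropy` buys isolation between applications sharing a user account, not extra salting.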
    AHH!! It clicks now! MasterKey is used to take "Random Data + Stuff to Encrypt". The data returned by that has the "Random Data" stored with it along with the encrypted value. This returned value is called "Protected Data BLOB". So in short, Yes DPAPI does the dynamic salting, and also that is how it is tracked! – XenoPuTtSs Feb 15 '19 at 18:17