Bugtraq archives for 2nd quarter (Apr-Jun) 1999: Re: Secure Storage of Secrets in Windows

Re: Secure Storage of Secrets in Windows

Olaf Titz (olafBIGRED.INKA.DE)
Wed, 19 May 1999 09:42:51 +0300

> The Win32 API provides such a service. Although in the past it was found
> that its encryption was rather weak, Microsoft claims to have fixed it,
> no one else has claimed otherwise, and it's better than nothing.

Since this allows the encryption of user data and Microsoft is U.S.-based,
the algorithm _must_ be weak. Otherwise they could have used
just RC4 with the password as key instead of RC4 with a 32-bit(!)
hash of the password. This is not Microsoft stupidity but U.S.
government stupidity.

With today's CPU power, 32 bits of key is not better than nothing.
I could brute force that in one week with my single PC.

Olaf