OSEC

From: Alan Ramsbottom (alancrntlworld.com)
Date: Wed Feb 20 2002 - 12:03:56 CST


    > From: Varga Daniel (QI/RZS4) * [mailto:Daniel.Vargade.bosch.com]

    > An MS-Engineer assured me that it would be incredibly hard for an
    > attacker to get these keys

    Hmm.. it depends on a lot of things, not least what you're running. It's way
    overdue, but there's now a useful overview of the DPAPI used for storing
    private key blobs on WinXP here (URL will wrap):

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp

    A lot of that still applies to Win2K, but if you have that OS then please
    don't overlook this part:

     "One feature we do not discuss is that DPAPI can be configured to operate
    with a Windows 2000 server in a legacy mode. In this mode, it is possible to
    backup the MasterKeys under a local LSA secret. The MasterKeys, along with
    the LSA, and any protected data can then be stolen by an adversary and
    decrypted at will. For this to occur, however, an Administrator must modify
    the registry to configure DPAPI for this legacy mode."

    Perhaps someone knows different, but I've long assumed these backup
    MasterKeys (used to automagically recover from certain password reset
    events) are why that old chntpw/EFS attack worked.

    -Alan-
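The MSDN passage quoted above says legacy mode is something an Administrator has to turn on in the registry, so the practical question for a defender is whether a given host has been configured that way. The following PowerShell check is an added example and is not part of Alan's message or of the MSDN article; the DPAPI provider key path and the ProtectionPolicy DWORD it reads (1 = MasterKeys backed up locally under an LSA secret, 0 or absent = the default domain-backup behaviour on domain members) are assumptions drawn from later Microsoft documentation, not from this post, and the output strings are the author's own.

```powershell
# Added example (not from the original post): audit whether DPAPI has been
# switched into the local ("legacy") MasterKey backup mode discussed above.
#
# Assumption: the DPAPI provider key below and its ProtectionPolicy DWORD.
# On a domain member, ProtectionPolicy = 1 means MasterKeys are also backed
# up locally under an LSA secret, which is the mode the MSDN text warns
# about. On a standalone (non-domain) host DPAPI keeps a local backup
# regardless, so this check is only meaningful for domain-joined machines.
$DpapiProviderKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'

function Get-DpapiBackupMode {
    param(
        [string]$KeyPath = $DpapiProviderKey
    )

    $result = [ordered]@{
        KeyPath          = $KeyPath
        DomainMember     = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
        ProtectionPolicy = $null
        LocalBackup      = $false
        Finding          = ''
    }

    if (-not (Test-Path -Path $KeyPath)) {
        $result.Finding = 'DPAPI provider key not found on this host'
        return [pscustomobject]$result
    }

    $item = Get-ItemProperty -Path $KeyPath -Name 'ProtectionPolicy' -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        $result.Finding = 'ProtectionPolicy not set: default (domain) MasterKey backup'
    }
    elseif ($item.ProtectionPolicy -eq 1) {
        $result.ProtectionPolicy = 1
        $result.LocalBackup      = $true
        $result.Finding = 'ProtectionPolicy=1: MasterKeys backed up locally under an LSA secret (legacy mode)'
    }
    else {
        $result.ProtectionPolicy = $item.ProtectionPolicy
        $result.Finding = "ProtectionPolicy=$($item.ProtectionPolicy): local MasterKey backup disabled"
    }

    if (-not $result.DomainMember) {
        $result.Finding += ' (standalone host: local backup applies regardless of this value)'
    }

    return [pscustomobject]$result
}

# Usage: run elevated on the host being audited.
Get-DpapiBackupMode | Format-List

# Remediation on a domain member that reports LocalBackup = $true, if the
# legacy behaviour is not actually required (assumed setting, see above):
#   Set-ItemProperty -Path $DpapiProviderKey -Name 'ProtectionPolicy' -Value 0
```

The check only reads the registry; the remediation line is left commented out because flipping the value changes how future MasterKeys are backed up and should be a deliberate administrative decision, not a side effect of an audit script.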