安全性如何ProtectedData.Protect(DPAPI)? [英] How secure is ProtectedData.Protect (DPAPI)?
问题描述
假如有人被访问所有的我的硬盘,我猜的弱点将是我的Windows密码。不知道/能够检索,数据应该是pretty的多安全,不应该吗?
Suppose someone gets access all of my hard disk, I guess the weak spot would be my windows password. Without knowing/being able to retrieve that, the data should be pretty much safe, shouldn't it?
我问的特别,因为<一href="http://en.wikipedia.org/wiki/Encrypting_File_System#Decrypting_files_using_the_local_Administrator_account">EFS进入在维基其中指出,
I'm asking specifically because of the EFS entry in wikipedia which states that
在Windows 2000中,本地管理员是默认的数据恢复代理,能够通过任何本地用户解密使用EFS加密的所有文件。
In Windows 2000, the local administrator is the default Data Recovery Agent, capable of decrypting all files encrypted with EFS by any local user.
和EFS恰巧使用DPAPI。正因为此,在相同的应用到自己的数据使用这种保护:
and EFS happens to use DPAPI. So does the same apply to my own data protected using this:
ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
如果这确实是这样的,我怎么会prevent呢?
And if that is indeed the case, how could I prevent it?
N.B.我想保存凭据的WinForms应用程序,使用户不必每次登录时都必须输入密码。换句话说,如果有人能够登录的用户(即知道用户密码),那么他们可能也可以读取加密数据。
N.B. I'm trying to store credentials for a winforms app so that the user does not have to enter their password every time they login. In other words, if someone is able to login as that user (i.e. know the user password), then they might as well be able read the encrypted data.
这 - 不是从一个窗口背景的 - 现在让我不知道 - 不能在本地管理员身份登录任何本地用户呢?在这种情况下,我不应该关心管理员能够反正找回密码...
Which - not coming from a windows background - now makes me wonder - can't the local admin login as any local user anyway? In that case I shouldn't be concerned about the admin being able to retrieve passwords anyway...
作为谷歌透露,它看起来像一个管理员的不能只需登录任何用户无需重新设定/先更改密码。所以我的问题还是显得有关...
As google reveals, it looks like an Administrator cannot just login as any user without resetting/changing their password first. So my question still seems relevant...
推荐答案
EFS使用DPAPI,而不是其他的方式。而管理员无法读取你的关键就是这样。
EFS uses DPAPI, not the other way around. And Administrator can't read your key just like that.
在忘记了DPAPI,我会考虑的替代方案。如果你自己加密的文件,
Before forgetting about DPAPI, I would consider the alternatives. If you encrypt the file yourself,
- 您必须选择一个强大的算法和实现它做好。
- 您将需要一个关键。它会在哪里呢?
- 您将会在某处存储在一个文件中的关键驱动器上。
- 在这关键是敏感的,很明显,你会希望它加密
- 转到1
DPAPI做1至3井。 4和5是没有实际意义。如果Windows密码是不够的,保护数据,问自己,为什么就足以 CRUD 该数据位居第一。
DPAPI does 1 to 3 well. 4 and 5 are moot. If a Windows password is not enough to protect data, ask yourself why it is enough to CRUD that data in the first place.
为了更好的安全性,可以考虑不保存数据,但它的(咸)哈希值,如果可能的话。它使你的数据只写,虽然。例如,如果您想验证客户许可证号:
For better security, you can consider not saving the data but a (salted) hash of it, if possible. It makes your data write only, though. For example, if you want to verify a customer license number :
- 保存它的盐渍哈希值
- 运行相同的哈希你要验证的盐渍许可证号,
- 在比较两个。它匹配,许可证的有效期。
如果你必须回读加密数据和本地加密的密钥是不够的,考虑加密你的应用程序键(上述步骤2)与存储在智能卡上的私有密钥。
If you must read back encrypted data and a locally encrypted key is not enough, consider encrypting your application key (step 2 above) with a private key stored on a smart card.
无论哪种方式,记住的事情发生。你总是需要一个备份密钥的地方。
Either way, remember that things happens. You always need a backup key somewhere.
这篇关于安全性如何ProtectedData.Protect(DPAPI)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
