How secure is ProtectedData.Protect (DPAPI)?


Problem description


Suppose someone gets access to all of my hard disk, I guess the weak spot would be my Windows password. Without knowing/being able to retrieve that, the data should be pretty much safe, shouldn't it?

I'm asking specifically because of the EFS entry in Wikipedia which states that

In Windows 2000, the local administrator is the default Data Recovery Agent, capable of decrypting all files encrypted with EFS by any local user.

and EFS happens to use DPAPI. So does the same apply to my own data protected using this:

ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);

And if that is indeed the case, how could I prevent it?

[Edit] N.B. I'm trying to store credentials for a WinForms app so that the user does not have to enter their password every time they log in. In other words, if someone is able to log in as that user (i.e. know the user password), then they might as well be able to read the encrypted data.

Which - not coming from a Windows background - now makes me wonder - can't the local admin log in as any local user anyway? In that case I shouldn't be concerned about the admin being able to retrieve passwords anyway...

[Edit2] As Google reveals, it looks like an Administrator cannot just log in as any user without resetting/changing their password first. So my question still seems relevant...

Solution

EFS uses DPAPI, not the other way around. And an Administrator can't read your key just like that.

Before forgetting about DPAPI, I would consider the alternatives. If you encrypt the file yourself,

  1. You must select a strong algorithm and implement it well.
  2. You will need a key. Where will it be?
  3. You will store the key in a file somewhere on your drive.
  4. That key is sensitive, obviously, you will want to encrypt it.
  5. Goto 1

DPAPI does 1 to 3 well. 4 and 5 are moot. If a Windows password is not enough to protect data, ask yourself why it is enough to CRUD that data in the first place.

For better security, you can consider not saving the data but a (salted) hash of it, if possible. It makes your data write only, though. For example, if you want to verify a customer license number:

  • Save a salted hash value of it
  • Run the same hash on the salted license number you want to verify,
  • Compare the two. If they match, the license is valid.

If you must read back encrypted data and a locally encrypted key is not enough, consider encrypting your application key (step 2 above) with a private key stored on a smart card.

Either way, remember that things happen. You always need a backup key somewhere.
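
The salted-hash check from the answer's license example, written out in C# as an added example that is not part of the original answer. It assumes .NET 6 or later; `LicenseHasher`, the stored record format and the iteration count are illustrative choices, and PBKDF2-SHA256 stands in for the hash the answer leaves unspecified.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: class name, record format and work factor are assumptions.
public static class LicenseHasher
{
    private const int SaltBytes = 16, HashBytes = 32;
    private const int Iterations = 600_000; // assumed work factor; tune for your hardware

    // Step 1: store "iterations.salt.hash" (Base64 fields), never the license itself.
    public static string CreateRecord(string license)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh random salt per record
        byte[] hash = Derive(license, salt, Iterations, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    // Steps 2 and 3: re-run the same salted hash on the candidate, then compare.
    public static bool Verify(string candidate, string record)
    {
        string[] parts = record.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false;
        try
        {
            byte[] salt = Convert.FromBase64String(parts[1]);
            byte[] expected = Convert.FromBase64String(parts[2]);
            if (salt.Length < 8 || expected.Length == 0) return false;
            byte[] actual = Derive(candidate, salt, iterations, expected.Length);
            return CryptographicOperations.FixedTimeEquals(actual, expected); // constant-time compare
        }
        catch (FormatException)
        {
            return false; // malformed stored record
        }
    }

    private static byte[] Derive(string license, byte[] salt, int iterations, int length) =>
        Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(license.Trim()), salt,
                                  iterations, HashAlgorithmName.SHA256, length);

    public static void Main()
    {
        string record = CreateRecord("ABCD-1234-EFGH-5678"); // constructed sample value
        Console.WriteLine(Verify("ABCD-1234-EFGH-5678", record));
        Console.WriteLine(Verify("ABCD-1234-EFGH-0000", record));
    }
}
```

Because only the salt and hash are stored, the original license number cannot be read back from the record, which is the "write only" property the answer mentions.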
