Re: Security - Best Encryption Tool
From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/02/04
- Previous message: WJ: "Re: Security - Best Encryption Tool"
- In reply to: WJ: "Re: Security - Best Encryption Tool"
- Next in thread: WJ: "Re: Security - Best Encryption Tool"
- Reply: WJ: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 2 Jun 2004 15:02:11 -0700
WJ wrote: "I like its [DPAPI] concepts of Machine Store for web applications
and User Store for windows form applications."
Machine Store is not safe. If a hacker manages to get the WRITE access to
any of the folders on a compromised machine, he can drop an application
there which will decrypt any setting encrypted using DPAPI with machine
store. This is not a very far-fetched scenario. DPAPI with user store for
Windows forms-based applications is probably the best option, assuming that
the application is always executed by the same user, which in our
(corporate) environment is not the case. From my experience, the best
candidates for DPAPI with user store are Windows services.
Alek
- Previous message: WJ: "Re: Security - Best Encryption Tool"
- In reply to: WJ: "Re: Security - Best Encryption Tool"
- Next in thread: WJ: "Re: Security - Best Encryption Tool"
- Reply: WJ: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
