Small Crypt/DecryptString function for Windows using CryptProtectData


http://lookinside.free.fr/delphi.php?Cryptage

https://msdn.microsoft.com/fr-fr/library/windows/desktop/aa380261(v=vs.85).aspx

Comments

  1. We have made our own cross-platform version of those, which are more secure (for several reasons, e.g. using known and proven algorithms in a non-obfuscated pattern, from outside a Patriot Act country), and 100x faster. See https://synopse.info/files/html/api-1.18/SynCrypto.html#CRYPTDATAFORCURRENTUSER
    We use it e.g. to cipher any master key resident in memory, to avoid forensic leaks.

  2. About the actual security of those functions. DPAPI has been closely reverse engineered - see e.g. https://www.passcape.com/index.php?section=docsys&cmd=details&id=28

  3. Suggested test data string: "only for light weight protection" (:

  4. So first of all, in French one says "chiffrer" and not "crypter" ;-) chiffrer.info
    Do you know which encryption algorithm is used? I can't find that information in the Windows documentation. We also don't know how the key is derived from the user data. I find it hard to trust such a function with so little information.

  5. Marion Candau OK, but it's an English forum (even my bad English is better than French) ;) I suppose that the internals depend on the Windows version, and the purpose of my unit is to provide an easy-to-use existing implementation... if security is an important point, perhaps Windows is not the right OS to use ;) Like Speck for Linux, I think it's better to trust this function than XOR, for instance :)

  6. Paul TOTH - I agree. Some encryption is much better than none. The MS libs are fairly good. Your example demonstrates an easy implementation and fast results. It's a great example and a useful contribution. Thanks for posting it.

  7. Is that persistent? Or runtime only? Or per user or per computer?

