Geek Answers Handbook

Safe storage of additional entropy when using DPAPI

So, I am trying to save a symmetric key using DPAPI. Everything is fine and good, but what to do with entropy? This answer to the question here really does not provide enough understanding. It looks like a slippery slope - I could use a machine store to store entropy, but then, what prevents someone from getting this? Note. I save the current key using the user area.

So my question is: what is the best way to store entropy using DPAPI?

+7
c # entropy encryption-symmetric dpapi
source share
2 answers

Everything that you store locally can be compromised. But there are steps you can take to complicate the situation. The Password Handling document has a document that you can review. You consider your Entropy key key for your application.

I will refer to your Entropy as your Key, as this is a functionally additional key.

What you do not want to do is save your key locally in an unencrypted format. Instead, you want to either encrypt your key or get it from another, obvious source. Of course, if you encrypt the key, then you need to save the key used to encrypt it, but often this single level of indirection is enough to discourage most opponents.

That would be an advantage in getting your key. You could get it as a hash of some other piece of persistent data (this should be something that doesn't change with your application changes). One trick when deriving a hash is to combine the hash with some other constant value (like a GUID or a large random number) so that someone else cannot just combine the known hash algorithm and get your key. This is a much better alternative to creating your own hashing algorithm (which you should never do if you don't have PHD in math).

At some point, you will need some kind of key that is hardcoded in your application. This key is either combined with some other data in the hash to create your Entropy Key, or used to decrypt the entropy key. In fact, you may have a key change with the new version of your application if you keep the old key to decrypt the existing key. You can then re-encrypt it with a new key or method.

If you need better security, you can save the Entropy key from your computer. This will require an Internet connection and an SSL certificate, but after that the key is never saved in local mode. To do this, you can configure a more reliable system for responding to a request so that the authentication of the request is different every time, and the key is delivered via SSL encryption, so it cannot be intercepted. Once a key is used, it is discarded. Of course, this view hits the target of many scenarios in which you use DPAPI for local secure storage.

No matter what you do, keep in mind that this will be compromised - this always happens when someone has full access to the local computer and the data stored on it. The solution is to continue to release updates that change the method enough so that the old crack no longer works. This will make the crack distribution less valuable since it will be difficult to find it for the correct version.

+6
source share

First, let me consider the original question. This boils down to the fact that entropy should be stored in accordance with the userโ€™s authority and / or the applicationโ€™s authority, if it will be used to save the storage. I suppose you could use the key stored in the application to encrypt the information in the stored repository, but again the malicious application will be able to access this encryption key. So, I donโ€™t feel that there is a means of protection from the script that you mention in the comments. However, given what you said is the intended use of entropy, I donโ€™t feel it helps in solving your problem.

It seems that the actual problem is establishing a secure communication channel between your client application and the server. In your design, you exchange keys that will be used to encrypt communications. I think trying to use custom code to solve this problem will lead to additional security vulnerabilities.

Given all this, I would suggest creating a WCF (Windows Communication Foundation) service, which is used to extract confidential information. Obviously, it can be used to extract all the information, but the least amount of changes will be to restrict the service to confidential information.

With WCF, you can configure both the client and the server to use a secure channel. WCF has many features to establish a secure communication channel with the server.

<wsHttpBinding> <binding> <security mode="Transport"> <transport clientCredentialType="Windows" /> </security> </binding> </wsHttpBinding>

Once you have a secure channel, many other problems are easier, such as accessing CC data. If this data is sent over a secure channel, this becomes an authorization problem instead of channel protection.

See How to create a secure session for more information .

0
source share

More articles:


All Articles