Re: [Passwordsafe-devel] SecureAllocator

[Edward E. <pas...@ed...>]

Noticed one more thing.

Steve Loughran wrote:
> 4. the only way to really hide this stuff is in a device driver. MS have a
> service in winXP for this purpose, but I havent explored it.

Are you talking about the Data Protection API in win2k and XP?  The 
keys used to store this data are derived from the user's system 
password.  That's a huge potential weak link, given both the ease of 
recovering Windows passwords and the generally poor password choices 
most people make.  Also, if an admin resets a user's password, any 
data he has stored becomes inaccessible (unless of course it was a 
poorly-chosen password :).

But DPAPI isn't really a service.  Did you mean the LSA?  That service 
has been around since NT 4 at least, but it's not any better.

Check out the book Writing Secure Code from MS Press (ISBN 
0-7356-1588-8).  It's got great win-specific security tips, and is 
pretty unbiased for a MS Press book.  The authors even admit:

"If the data being secured is high-risk...use Windows 9x/ME/CE ONLY if 
  you get an [encryption] key from a user or an external source."

In some areas they are a little too trusting, given MS's track record 
for bad security and cryptography.  Still, well worth owning if you 
plan to do any secure programming in Windows.

Ed