tags:

views:

259

answers:

1
+1  Q: 

Windows DPAPI - what to do with entropy?

I'm using the Windows DPAPI to encrypt some sensitive data for me. The cipher is stored in the registry. This all works well, but I was wondering if someone could clarify my understanding of the 'entropy' bytes that are (optionally) supplied to ProtectedData.Protect() in .NET.

The 'entropy' byte array appears to be analogous to an initialization vector or salt used with other cryptography schemes, but I could not see a good description of the entropy bytes in MSDN. The code samples I've seen just hard code in the entropy bytes!

Are the entropy bytes supplied to ProtectedData.Protect() & ProtectedData.Unprotect analogous to an IV or salt? Can the entropy bytes therefore be stored safely alongside the cipher, or would that compromise security?

+3  A: 

Entropy is a secondary key that is specific to the application that is protecting data. The general idea, if I remember correctly, was to allow multiple applications to encrypt data under a single user account, but still maintain security between each other. For example, Your application may encrypt data under UserA. If My application wished to decrypt that data under UserA, there really isn't anything to stop my from doing so, as the DPAPI uses the users key. However, if you factor in an application specific "entropy", then I would need to know your entropy to decrypt any data to protect for UserA.

Entropy could be considered analogous to salt, in that it is an additional key or secret used to further abstract the encrypted content. Unlike salt, your application's entropy would need to remain the same for every encryption operation under a given credential. With salt, its generally best to change it as often as you can.

Entropy is essentially an additional key, and it should be treated like any other cryptographic key. Keep it private and secure.

BTW, I think 'entropy' was an atrocious word to use for this purpose. Something like 'differentiator', or perhaps even coining a word like 'distinctifier', would have been better. :P Very confusing term use.

jrista  2009-08-25 04:26:54
Thanks, great answer. So I guess hardcoding the entropy into the app is not a complete disaster, but better to treat it like a key. Since I'm encrypting a key anyway, having another "key" to protect the key is becoming a bit crazy.
saille  2009-08-25 05:03:56
Aye, its a bit of a convoluted concept. But the security hole that "entropy" aims to plug is very real. Credential-specific encryption in windows is very convenient for the user, but it opens new opportunities for malicious programs to decrypt that data when they shouldn't. Also, don't assume that any "other" program is benign...malware that the user doesn't even know is on their system may try to probe for encrypted data that isn't entropic.
jrista  2009-08-25 15:44:15

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?