UNIX Password Security - Ten Years Later
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
Password Cracking Using Probabilistic Context-Free Grammars
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
In this paper we present the result of our reverse-engineering of DPAPI, the Windows API for safe data storage on disk. Understanding DPAPI was the major roadblock preventing alternative systems such as Linux from reading Windows Encrypting File System (EFS) files. Our analysis of DPAPI reveals how an attacker can leverage DPAPI design choices to gain a nearly silent backdoor. We also found a way to recover all previous passwords used by any user on a system. We implement DPAPI data decryption and previous password extraction in a free tool called DPAPIck. Finally, we propose a backwards compatible scheme that addresses the issue of previous password recovery.