Which encryption algorithm does the ProtectData class use?

Question

I'm aware that the ProtectedData class ends up calling Windows's Data Protection API (DPAPI). The documentation on the DPAPI function provides details like where the key is stored, who can decrypt the data, etc. However, I haven't been able to find any documentation on what the actual underlying encryption algorithm is. (I need to know the details of the protection method for security documentation for an upcoming audit). Is this just using AES or something like that? How secure is this?

Answer 1

DPAPI uses Triple-DES.

• It uses proven cryptographic routines, such as the strong Triple-DES algorithm in CBC mode, the strong SHA-1 algorithm, and the PBKDF2 password-based key derivation routine.
• It uses proven cryptographic constructs to protect data. All critical data is cryptographically integrity protected, and secret data is wrapped by using standard methods.
• It uses large secret sizes to greatly reduce the possibility of brute-force attacks to compromise the secrets.
• It uses PBKDF2 with 4000 iterations to increase the work factor of an adversary trying to compromise the password.
• It sanity checks MasterKey expiration dates.
• It protects all required network communication with Domain Controllers by using mutually authenticated and privacy protected RPC channels.
• It minimizes the risk of exposing any secrets, by never writing them to disk and minimizing their exposure in swappable RAM.
• It requires Administrator privileges to make any modifications to the DPAPI parameters in the registry.
• It uses Windows File Protection to help protect all critical DLLs from online changes even by processes with Administrator privileges.

DPAPI initially generates a strong key called a MasterKey, which is protected by the user's password. DPAPI uses a standard cryptographic process called Password-Based Key Derivation, described in PKCS #5, to generate a key from the password. This password-derived key is then used with Triple-DES to encrypt the MasterKey, which is finally stored in the user's profile directory.

However, according to Passcape, DPAPI uses AES256. Atleast on Windows 7.

• DPAPI uses proven cryptographic algorithms. For example, Windows 7 by default uses the AES256 encryption in the CBC mode, SHA512 for hashing and PBKDF2 as password-based key derivation routine.