On Wednesday 13 April 2005 12:16, Alexandre Julliard wrote:
> I don't understand why you come up with such an elaborate scheme of storing things in the registry when it's clearly not the way this thing is supposed to work. If you can't figure out what Windows does, then just xoring the data with 0xdeadbeef or something like this would be at least as secure as your solution, and would actually be much closer to the proper behavior.
What Windows does is described in detail at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/ht...
Besides the complicated (and in my opinion braindead) procedure for key backup and restoration, it all basically boils down to the following (simplified):
When a user logs in to the system, a hash of his password is computed. This hash is kept in memory in a system service called "Local Security Authority". CryptProtectData/CryptUnprotectData asks the LSA via RPC to encrypt/decrypt data using this hash as a symmetric key on behalf of the user.
Since the unix/linux login process doesn't provide such a functionality, this is not easy to replicate. I like Mike McCormack's idea to apply "ssh-agent", but I didn't look into it in detail.
Bye,
-- 
Michael Jung
mjung@iss.tu-darmstadt.de
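Added example, not part of the thread and not Wine's or Windows' code: a mock of the simplified model described above, where a service holds a key derived from the user's password for the lifetime of the logon session and performs protect/unprotect on the caller's behalf, so a blob can only be unprotected by the same user and only while that user is logged on. Assumptions: PBKDF2 (salted with the user name) stands in for the password hash, an HMAC-SHA256 keystream plus MAC stands in for Windows' cipher, and a direct method call stands in for the RPC.

```python
import hashlib
import hmac
import secrets

class LocalSecurityAuthority:
    """Mock of the LSA service: holds a per-user key derived at logon."""
    def __init__(self):
        self._keys = {}  # user -> (encryption key, MAC key), memory only

    def logon(self, user, password):
        # Windows keeps a hash of the password; PBKDF2 here is an assumption.
        master = hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)
        enc_key = hmac.new(master, b"encrypt", hashlib.sha256).digest()
        mac_key = hmac.new(master, b"authenticate", hashlib.sha256).digest()
        self._keys[user] = (enc_key, mac_key)

    def logoff(self, user):
        self._keys.pop(user, None)  # key gone until the user logs in again

    @staticmethod
    def _keystream(enc_key, nonce, length):
        # HMAC-SHA256 in counter mode as a stand-in for Windows' cipher.
        out = b""
        for counter in range((length + 31) // 32):
            out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        return out[:length]

    def protect(self, user, data):
        enc_key, mac_key = self._keys[user]  # KeyError: no logon session
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(enc_key, nonce, len(data))))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unprotect(self, user, blob):
        enc_key, mac_key = self._keys[user]
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("blob was not protected under this user's key")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(enc_key, nonce, len(ct))))

LSA = LocalSecurityAuthority()

def CryptProtectData(user, data):
    return LSA.protect(user, data)  # direct call stands in for the RPC

def CryptUnprotectData(user, blob):
    return LSA.unprotect(user, blob)
```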