I'm using the Windows DPAPI to encrypt some sensitive data for me. The cipher is stored in the registry. This all works well, but I was wondering if someone could clarify my understanding of the 'entropy' bytes that are (optionally) supplied to ProtectedData.Protect() in .NET.
The 'entropy' byte array appears to be analogous to an initialization vector or salt used with other cryptography schemes, but I could not see a good description of the entropy bytes in MSDN. The code samples I've seen just hard code in the entropy bytes!
Are the entropy bytes supplied to ProtectedData.Protect() & ProtectedData.Unprotect analogous to an IV or salt? Can the entropy bytes therefore be stored safely alongside the cipher, or would that compromise security?
DPAPI (Data Protection Application Programming Interface) is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems.
The entropy parameter "is optional entropy provided by the application that will be added to the key derivation [...] By default, DPAPI already uses different entropy for each blob, so in practice adding additional entropy does not [bold added] improve encryption security.
DPAPI uses a standard cryptographic process called Password-Based Key Derivation to generate a key from the password. This password-derived key is then used with Triple-DES to encrypt the MasterKey, which is finally stored in the user's profile directory.
Entropy is a secondary key that is specific to the application that is protecting data. The general idea, if I remember correctly, was to allow multiple applications to encrypt data under a single user account, but still maintain security between each other. For example, Your application may encrypt data under UserA. If My application wished to decrypt that data under UserA, there really isn't anything to stop my from doing so, as the DPAPI uses the users key. However, if you factor in an application specific "entropy", then I would need to know your entropy to decrypt any data to protect for UserA.
Entropy could be considered analogous to salt, in that it is an additional key or secret used to further abstract the encrypted content. Unlike salt, your application's entropy would need to remain the same for every encryption operation under a given credential. With salt, its generally best to change it as often as you can.
Entropy is essentially an additional key, and it should be treated like any other cryptographic key. Keep it private and secure.
BTW, I think 'entropy' was an atrocious word to use for this purpose. Something like 'differentiator', or perhaps even coining a word like 'distinctifier', would have been better. :P Very confusing term use.
One use of additional entropy is to password protect the application itself. A key derived from the password can be used as entropy while storing application data. Otherwise any process running under the user's context may be able to decrypt the data. If you store the additional entropy instead of prompting for a password, it could still be targeted by a rogue application.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With