How secure is ProtectedData.Protect (DPAPI)?

Question

Suppose someone gets access all of my hard disk, I guess the weak spot would be my windows password. Without knowing/being able to retrieve that, the data should be pretty m

Answer 1

EFS uses DPAPI, not the other way around. And Administrator can't read your key just like that.

Before forgetting about DPAPI, I would consider the alternatives. If you encrypt the file yourself,

1. You must select a strong algorithm and implement it well.
2. You will need a key. Where will it be ?
3. You will store the key in a file somewhere on your drive.
4. That key is sensitive, obviously, you will want to encrypt it
5. Goto 1

DPAPI does 1 to 3 well. 4 and 5 are moot. If a Windows password is not enough to protect data, ask yourself why it is enough to CRUD that data in the first place.

For better security, you can consider not saving the data but a (salted) hash of it, if possible. It makes your data write only, though. For example, if you want to verify a customer license number :

• Save a salted hash value of it
• Run the same hash on the salted license number you want to verify,
• Compare the two. It they match, the license is valid.

If you must read back encrypted data and a locally encrypted key is not enough, consider encrypting your application key (step 2 above) with a private key stored on a smart card.

Either way, remember that things happens. You always need a backup key somewhere.