1

I have a program that uses the .NET method ProtectedData.Protect to encrypt a password using DataProtectionScope.LocalMachine. I have the decrypted password. From what it looks like the encryption algorithm is TripleDES.

I would like to use Python+Pycrypto to decrypt this password, but I'm not sure what the IV is. Is it reasonably possible to figure out what the IV is and decrypt the PW with Pycrypto?

Community
  • 1
  • 1
Wayne Werner
  • 49,299
  • 29
  • 200
  • 290
  • the IV should be stored alongside the ciphertext, or otherwise somewhere accessible. Without IV, *nobody* can decrypt it regardless of whether they have the key. Provided the mode of operation requires an IV. –  Jan 17 '14 at 21:45
  • @delnan, I'm sure Microsoft stores it somewhere arcane. – Wayne Werner Jan 17 '14 at 21:46
  • But it must be accessible if one knows where to look, and obscurity virtually never stops resourceful attackers. –  Jan 17 '14 at 21:47
  • Keep in mind the algorithm may be "salted" with additional enthropy (another argument for this method). This essentially gives an additional secret key. – DarkWanderer Jan 17 '14 at 22:00

0 Answers0