
I have encrypted part of my web.config file using the Data Protection API.

Now, my question is, what does a hacker need in order to decrypt the web.config file?

Does he require physical access to the machine in order to decrypt it? Or can he decrypt it from a remote location?

Adi
Matthew

2 Answers


It depends.

  • If the attacker gains access to your web.config alone, then he's not able to decrypt it without the key, which we're assuming he doesn't possess.

  • If you've set useMachineProtection to true in your DpapiProtectedConfigurationProvider configurations, and the attacker gains access to your machine (remote or not) with any account, then any process running on the machine could decrypt the web.config file, including anything the attacker could run.

  • If you've set useMachineProtection to false in your DpapiProtectedConfigurationProvider configurations, then the attacker needs access to the user account used for the process (remote or not).

You need to know that DPAPI provides password-based protection. So, assuming you're using option #3, then even if the attacker gains physical access to the machine, they still need the account's password to decrypt the encryption keys which will decrypt the data. Of course, the attacker can easily reset the password, but that would render the encrypted keys useless and leave your data inaccessible.

Note that until .Net 3.5 SP1, useMachineProtection is set to true (bad) by default. I have no information on later versions.

Update: .Net 4.0 uses the default value true for useMachineProtection as well.

Adi
  • Thank you so much for your detailed answer :) I appreciate the time that you took in order to answer my question :) Thank you :) – Matthew Jul 23 '13 at 16:40
  • Consider using [RsaProtectedConfigurationProvider](https://msdn.microsoft.com/en-us/library/ff650304.aspx). Unlike DPAPI, machine-wide RSA key containers can be ACL'd to specific users. – bdeem Mar 07 '17 at 21:03
  • @Matthew I would just add that using Mimikatz you are able to get to DPAPI hash and decrypt the data without user password. It can be done offline. Also, a remote exploit on target machine might expose DPAPI hash if attacker gains sufficiently large (debug) permissions on the target machine. See [this](https://security.stackexchange.com/questions/2243/how-can-i-mitigate-the-threat-that-dpapick-poses-to-my-dpapi-protected-data), [this](http://blog.digital-forensics.it/2015/01/happy-dpapi.html) and [this](https://www.elie.net/publication/reversing-dpapi-and-stealing-windows-secrets-offline). – Marko Vodopija May 11 '17 at 08:56

I'm assuming that you are working in .Net, or perhaps at a lower level like C++. From having recently consumed those APIs, here is what I would recommend.

There are 2 Protected Configuration Providers available: DPAPI (more appropriate for client-side desktop applications) and the RSA Provider. The latter is more appropriate for encrypting web.configs, as this is a public-key configuration where only the ASP.NET service has the private key to decrypt the data. This can be scoped at both user and machine level, similar to DPAPI.

Here is an old but sound walkthrough of it in ASP.Net. Apologies if you are not using .Net, it was unclear. Still though I think the RSA provider is the correct way to go here.

With regards to breaking the DPAPI encryption, yes, most of the attacks would need to be orchestrated on the target machine, usually involving either an attempt at the password SAM files or password reset scripts targeted at systems admins. Related conference paper - breaking DPAPI offline: BlackHat 2010.

JoeKir
  • Thank you so much for your answer :) I appreciate it immensely :) Yes, I am using the .NET framework. More specifically, the project is an ASP.NET website with C# as the code-behind. – Matthew Jul 23 '13 at 16:41
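The two answers above talk about the `useMachineProtection` switch on the DPAPI provider and about the RSA provider with an ACL'd key container, but neither shows what the resulting `web.config` looks like. The following is a constructed example added here (it is not code from either answerer or from Microsoft's documentation) that declares all three variants side by side so the weak and the corrected settings can be compared, plus a section in the form .NET writes after encryption. The provider names (`MachineDpapi`, `UserDpapi`, `AppPoolRsa`), the key container name `MyAppKeys`, the application pool identity `IIS APPPOOL\MyAppPool`, the site path and the ciphertext value are all placeholders I made up; the `type` strings and the `aspnet_regiis` switches in the comments are the real ones from the .NET Framework.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example web.config; provider names, paths and the ciphertext
     are placeholders, not values from the original question or answers. -->
<configuration>

  <configProtectedData>
    <providers>

      <!-- WEAK (and the default): useMachineProtection="true" scopes the DPAPI
           key to the machine. Any process that can execute on this host, under
           any local account, can call DPAPI and decrypt the section, which is
           the second case in the accepted answer. -->
      <add name="MachineDpapi"
           type="System.Configuration.DpapiProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           useMachineProtection="true" />

      <!-- CORRECTED: useMachineProtection="false" scopes the key to the user
           who ran the encryption. Only that account can decrypt, so encrypt
           while running as the application pool identity, e.g.
             aspnet_regiis -pef "connectionStrings" "C:\inetpub\wwwroot\MyApp" -prov "UserDpapi"
           launched under that account. Caveat: user-scoped DPAPI needs the
           account's profile, so the application pool must have
           "Load User Profile" enabled or decryption fails at runtime. -->
      <add name="UserDpapi"
           type="System.Configuration.DpapiProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           useMachineProtection="false" />

      <!-- RSA alternative from the second answer and bdeem's comment: a
           machine-wide key container whose ACL lists only the pool identity.
             aspnet_regiis -pc "MyAppKeys" -exp
             aspnet_regiis -pa "MyAppKeys" "IIS APPPOOL\MyAppPool"
             aspnet_regiis -pef "connectionStrings" "C:\inetpub\wwwroot\MyApp" -prov "AppPoolRsa"
           Other local accounts cannot open the container, so "any process on
           the machine" no longer implies "can read the secret". -->
      <add name="AppPoolRsa"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           keyContainerName="MyAppKeys"
           useMachineContainer="true" />

    </providers>
  </configProtectedData>

  <!-- Shape of a section after aspnet_regiis -pef has run with the UserDpapi
       provider. configProtectionProvider names the provider .NET will use to
       decrypt transparently when the section is read; the CipherValue below is
       a placeholder, not real output. Decrypt in place with
         aspnet_regiis -pdf "connectionStrings" "C:\inetpub\wwwroot\MyApp"
       run as the same account. -->
  <connectionStrings configProtectionProvider="UserDpapi">
    <EncryptedData>
      <CipherData>
        <CipherValue>PLACEHOLDER-BASE64-CIPHERTEXT</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>

</configuration>
```

A quick self-check after deploying: log on as an unrelated local account and run the `-pdf` command against a copy of the file. With `MachineDpapi` it succeeds, which is exactly the exposure the accepted answer describes; with `UserDpapi` or `AppPoolRsa` it fails, which is the behaviour you want.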