[xmlsec] RE: X509 data not reloaded from keys file

Aleksey Sanin aleksey@aleksey.com
Fri, 21 Mar 2003 13:17:11 -0800


>
>
>I'm using Microsoft's data
>protection API (DPAPI) to encrypt the document. If it works as advertised,
>it should only be feasible to decrypt it 1) on the machine it was encrypted
>on 2) with secondary entropy known only to my app. 
>
I did not look at this api but from general security point of view, I 
doubt the
first statement unless there is a crypto *hardware* support (which is 
not the case
on a general i386 box). It's only a matter of time, resources and will 
to hack it.

Aleksey