[EMAIL PROTECTED] wrote: > So far, I can only find tools to retrieve info in WinXP's Protected > Storage for the "current" user (e.g. pspr from elcomsoft, or C&A). > > However, there is no tools to retrieve other users' Protected Storage info > - assuming that I can login as local administrator. > > Is Protected Storage really that "save", and can prevent other users > (including admin users) on the same system from snooping in my secret > stored in the Protected Storage ?
The protected storage is encrypted with the user logon password. Even an administrator cannot gain access to another user's protected storage. However, he can gain access to the user password through other means (ex. pwdump + john). If an administrator try to reset a user password on Windows XP, he gets a message saying that all user secrets stored in protected storage will be lost. More info on : http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp Regards, - Nicolas RUFF Security researcher @ EADS-CCR _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
