On Mon, May 6, 2013 at 9:45 AM, David Connors <[email protected]> wrote:
> On Mon, May 6, 2013 at 9:12 AM, David Connors <[email protected]> wrote: > >> It is like the crypto API stores app passwords encrypted with your logon >> password ... but I can't imagine Windows would be that retarded. >> > > Turns out it is: > http://blogs.msdn.com/b/shawnfa/archive/2004/05/05/126825.aspx > > Except the magic 'password change events' mentioned in that article do not > exist in my world. > I figured this out in the end. The problem is that DPAPI does encrypt everything using your password. It decrypts and re-encrypts everything when your password changes by way of an event it detects and responds to. The fail here is that I always change my password on expiration as a part of connecting to the company VPN, and as that password change happens server-side in the VPN server my PC is never aware of it. The architecture of DPAPI is a bit useless in a corporate environment where you are always remote I guess. David Connors [email protected] | M +61 417 189 363 Download my v-card: https://www.codify.com/cards/davidconnors Follow me on Twitter: https://www.twitter.com/davidconnors Connect with me on LinkedIn: http://au.linkedin.com/in/davidjohnconnors
