dpapi
3 posts tagged dpapi.
-
Beyond BitLocker: The Three File-Level Encryption Layers Microsoft Hides in Plain Sight
BitLocker is one layer of four. EFS, Personal Data Encryption, and Purview sensitivity labels close gaps BitLocker structurally cannot -- three roots, three threat models, by design.
-
DPAPI and DPAPI-NG: The Credential Vault Under Everything
A 25-year tour of Windows Data Protection API: the four-stage classic chain, the 2012 DPAPI-NG redesign, the KDS root key, and the five structural ceilings the design cannot close.
-
Edge's Two Password Cryptographies: A Beautiful PSI on the Wire, and Plaintext RAM by Design
Microsoft Edge ships a homomorphic-encryption PSI for breach checking and decrypts every saved password into process RAM at launch. Both designs are deliberate. They defend different threat models.