17Eyl
DPAPI offline attack by cracking windows password?
I'm thinking of using DPAPI to protect configuration file information in my program. After doing some reading on it, it looks like it uses the user's Windows password as part of the encryption process. Now, I've heard that there are tools (like Hieren's boot disk) that can crack Windows passwords "easily". Can DPAPI be counted on for any kind of security in the event that an attacker has physical access to the hard disk and the Windows password is decently complex? (Uppercase, lowercase, number, symbol 8+ length)
