crypt32: CryptProtectData/CryptUnprotectData

Michael Jung mjung at iss.tu-darmstadt.de
Wed May 4 06:54:03 CDT 2005


Hi Kees,

On Wednesday 04 May 2005 12:43, Alexandre Julliard wrote:
> Of course it
> would be even better to do true encryption with a hardcoded key; it
> still doesn't provide any security, but it's much closer to the
> desired end result, which makes it more likely that someone will be
> able to plug in the missing step.

Ok, I see. 

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/example_c_program_deriving_a_session_key_from_a_password.asp

gives a pretty good introduction on how to derive a key from a password using 
CryptoAPI. You should hash the following: 1.) A placeholder for the user's 
login password, 2.) the pszDescription parameter (if present) and 3.) the 
pEntropy (if present).

If you apply the user's login name as the placeholder for 1.) you are even 
closer to Windows in the sense that one user can't decrypt another user's 
DATA_BLOBs. (Well, he can of course. But only with some hacking involved.)

Bye,
-- 
Michael Jung
mjung at iss.tu-darmstadt.de
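
The derivation described in the mail above, as an added example that is not part of the original message or of Wine's code: the login name stands in for the login password, followed by the optional description and entropy. It sets plain back-to-back hashing beside a length-framed variant, because plain concatenation lets bytes slide between the description and the entropy. Assumptions: SHA-256, key truncation, UTF-16LE string encoding and the names `naive_key`, `derive_key` and `_frame` are illustrative choices, not CryptoAPI behaviour.

```python
import hashlib
import struct


def naive_key(login_name, description=None, entropy=None, key_len=16):
    """Hash the three inputs back to back (plain concatenation)."""
    h = hashlib.sha256()
    h.update(login_name.encode("utf-16-le"))
    h.update((description or "").encode("utf-16-le"))
    h.update(entropy or b"")
    return h.digest()[:key_len]


def _frame(data):
    # The tag byte separates "absent" from "present but empty"; the length
    # prefix stops bytes from moving between neighbouring fields.
    if data is None:
        return b"\x00"
    return b"\x01" + struct.pack("<I", len(data)) + data


def derive_key(login_name, description=None, entropy=None, key_len=16):
    """Hash the same three inputs, each framed, and return key_len bytes."""
    if not 1 <= key_len <= hashlib.sha256().digest_size:
        raise ValueError("key_len must be between 1 and 32 bytes")
    h = hashlib.sha256()
    h.update(_frame(login_name.encode("utf-16-le")))
    h.update(_frame(None if description is None
                    else description.encode("utf-16-le")))
    h.update(_frame(entropy))
    return h.digest()[:key_len]


if __name__ == "__main__":
    # Constructed sample inputs.
    a = ("alice", "a", b"b\x00")   # description "a", entropy b"b\0"
    b = ("alice", "ab", b"")       # description "ab", empty entropy
    print("naive collides: ", naive_key(*a) == naive_key(*b))
    print("framed collides:", derive_key(*a) == derive_key(*b))
    print("per-user keys differ:",
          derive_key("alice", "d", b"e") != derive_key("bob", "d", b"e"))
```

The login name is not a secret, so this separates users' blobs from each other without protecting them from anyone who knows the name.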


