Home > Information > Blog > Show blog article
Show blog article
19.10.2017
New blog post
Farewell to Syskey!
11.10.2017
Wireless Password Recovery 4.2.5
Support for NVidia Volta
04.10.2017
Office password recovery tools
Support for new GPU devices, some improvements
22.09.2017
Reset Windows Password v8.0
Support for domain cached credentials, new bootable environment

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Password encryption in Internet Explorer 10

09:52:27 24.10.2012 posted by Passcape_Admin at 09:52:27 24.10.2012

In connection with the upcoming release of Windows 8 and Internet Explorer 10, we start getting more questions on the safety of storing passwords in the new version of Internet Explorer. So, we have decided to give this matter some attention in our blog.

We have repeatedly expressed our opinion that the password protection in the new version of Internet Explorer will be worse, as the mechanism for storing passwords has changed. Why has the new protection algorithm become more vulnerable? Let's figure it out.

Passwords to websites in Internet Explorer 7-9 were stored in the registry and encrypted with user's DPAPI. But the protection was implemented in a very clever way; the encryption key was comprised of the source URL address. After that the URL of the website was wiped out from the system.

Let's consider an example to make it a bit clearer. For example, you have opened some website, registered with it, entered your password and saved it (or have the Auto Save Passwords setting enabled.) While saving the password, Internet Explorer (7, 8 or 9) encrypts it using DPAPI. For the encryption key it uses the original URL of the web page. Then the encrypted password is written into the registry, and the record on visiting the URL is deleted from the system.

Thus, the registry stores encrypted passwords, but it doesn't have the keys to decrypt them! We can get the encryption key only when we know the URL of the original website, i.e. when the resource is visited again. If a potential intruder steals the encrypted password from the registry, he will be unable to decrypt it (with all other limitations) until he gets the URL of the original website the record belongs to.

Quite smart and cunning, but the algorithm has not been patented by Microsoft, therefore, someone else must have already used it before :) Anyway, it no longer matters, as Internet Explorer 10 uses a different mechanism. All IE 10's passwords are now stored in Windows Vault, protected with the regular DPAPI, and can be easily recovered. At least, easier than in the previous three versions. Windows Vault is a new mechanism for private data storage, which is so lacking in Windows. Unfortunately, the Vault in Windows 8 features somewhat reduced functionality compared to the previous version used in Windows 7. All private entries of a Vault user can be found in his profile. By default, that's the folder
C:\Users\<USER_NAME>\AppData\Local\Microsoft\Vault\<VAULT_UID> , where
<USER_NAME> - user name
<VAULT_UID> - Vault identifier. By default, that's 4BF4C442-9B8A-41A0-B380-DD4A704DDB28.
Each IE10 password entry is presented by a file with the .vcrd (Vault Credential) extension; the encryption key is stored in the same folder.

The new version of Internet Explorer Password Recovery can decrypt Internet Explorer 10 passwords both in online and offline modes. I.e., you will be able to recover Internet Explorer passwords even from unbootable PC. IE 10's passwords of the currently logged on user are decrypted instantly without any restrictions or limitations.

So, Internet Explorer 10 password protection is just another piece of cake. The passwords can be decrypted approximately just as easily as Google Chrome ones. The best the enemy of the good.




 
Rating
Current rating RatingRatingRatingRatingRating
Avarage rating Ø 5.00
Number of votes 5
Your vote Rate this message: 1Rate this message: 2Rate this message: 3Rate this message: 4Rate this message: 5Rate this message: 6Rate this message: 7Rate this message: 8Rate this message: 9Rate this message: 10

Comments

about this
posted by Beginner at 12:48:23 17.05.2014
Thanks for information. Can u give me some example python code in win7
Passcape_Admin
RE: about this
posted by Passcape_Admin at 19:20:53 17.05.2014
No, unfortunately there's no python code available
mahdi
posted by mahdi at 04:41:41 24.10.2014
Thanks for information. Can u give me some example c/c++ code in win7
RE: Thanks for information
posted by Admin at 08:54:57 24.10.2014
You can do it using sources I stumpled somewhere in the net. Just google around for Vault APIs. But it works in online mode only. We use our own (private) code instead.
Add comment

Spamprotection