Decrypting Windows CardSpace

posted by Passcape_Admin at 22:43:15 10.12.2009

What is Windows CardSpace

Windows CardSpace is an industry-standard solution for managing users' identities on the Internet. In other words, Windows CardSpace is a simple and secure way to identify users without requiring them to enter their user names and passwords again and again as they move between Web resources. This identity metasystem, adopted by major software vendors, may become a crucial step forward. Given how pressing security concerns are, Microsoft is making significant efforts to promote its adoption. Unlike the earlier unified identification technologies (e.g., Microsoft Passport), Windows CardSpace is managed directly by the users and applications involved. In other words, different schemes and levels of complexity can be used for identification depending on the resource; e.g., when registering with Web forums or for online banking.

Windows CardSpace support is implemented in .NET Framework 3.0. Microsoft employees have also set out their plans for the development of their identification technologies. After the release of Longhorn Server, scheduled for the end of 2007, the corporation plans to release the Security Token Service technology, intended for integration with Active Directory. Security Token Service is a lightweight gateway that implements the WS-Trust specification for servers and clients and acts as a mediator when exchanging security tokens such as Kerberos, SAML, etc. According to Microsoft, the foundations of its identification platform, the Identity Metasystem, are Active Directory and Microsoft Identity Integration Server (the latter is to be built into Windows). Over time, the corporation is going to implement in these two products support for strong credentials (such as smart cards), access management, a single point of entry, unified identification, information rights protection, process audit and automation.

At the application level, Windows CardSpace is a panel of identification cards that can be used to authenticate the user to diverse online resources. The selector indicates the type of credentials required to access each resource.
Windows CardSpace lets the user create and manage his Information Cards (or simply InfoCards). Just as a person's identity is certified by, for example, a driver's license, passport or credit card, an InfoCard is a data set certified by the issuer's digital signature.

More information on Windows CardSpace can be found on the Wikipedia site.


Personal Information Card

A Personal Information Card is a type of InfoCard that the user creates on his own and in which he records his personal data. That is why a Personal Information Card is often called a 'Self-issued Card'. Unlike a Managed Card, a Personal Information Card, along with its data, is stored locally in a special encrypted storage. A Personal Information Card contains a fixed set of personal data fields, which cannot be extended. Along with the set of private data, a Personal Information Card includes general information (InfoCard version, dates issued and updated, current state and status, etc.), a Uniform Identifier and a Master Key used for encrypting private data and generating cryptographic keys. Please note that the user can set additional protection with a PIN, the InfoCard password.

Personal Information Card data encryption and storage methods deserve a closer look, mainly because of the number of tricks used to protect the data.
To begin with, the InfoCard storage is a locked folder inside the user's profile to which access is denied to everyone (including the Administrator) except the system itself. The path to the Vista CardSpace storage normally looks like this: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\CardSpace. This folder contains two files:
CardSpace.db - primary storage for all of the user's cards.
CardSpace.db.shadow - reserve storage used during card addition, removal and similar operations.


Windows CardSpace encryption

Windows CardSpace encryption follows the Master Key principle. In other words, to decrypt Windows CardSpace one first has to decrypt its Master Key, which is then used as the primary material for decrypting the cards. An intriguing feature of the Windows CardSpace Master Key is that decrypting it takes two steps: first with the current user's DPAPI, then with the system's DPAPI. Thus Windows CardSpace is bound not only to the current user but also to the operating system.

The Windows CardSpace Master Key, in its turn, takes part in the decryption of every card. Each card stored inside Windows CardSpace consists of three objects:

  1. InfoCard public data, which holds the card's system data; e.g., card version, its name and creation/installation/modification dates, uniform identifier, logo, etc.
  2. InfoCard private data. This object, much like a phone book, stores the most frequently used claims. In a Personal InfoCard this set is also fixed. It does not contain passwords, account information or credit card numbers, which minimizes the risk of disclosing the user's confidential data. All InfoCard private data is encrypted with the InfoCard PIN.
  3. InfoCard Master Key. The InfoCard Master Key (a set of random data) is used for generating the public/private key pair used for signing, and for encrypting the InfoCard private data if the card is PIN-locked.

InfoCard private data is encrypted with a user password (the InfoCard PIN). But what happens if the PIN is lost or forgotten? Fortunately, there is a way to recover the InfoCard PIN. The bad news is that in the hardest cases (a long or tricky PIN) recovery is extremely difficult, if possible at all. Nevertheless, let's take a look at this process in the Network Password Recovery Wizard.
The linear scheme for decrypting InfoCard private data with an unknown PIN can be split into 7 major stages of the Wizard:

  1. Select data source - CardSpace vs CardSpace Backup.
  2. Read and decrypt system credentials.
  3. Decrypt system's Master Key.
  4. Decrypt user's (data owner) Master Key.
  5. Decrypt InfoCard public data. Select the card.
  6. Recover InfoCard PIN.
  7. Decrypt InfoCard private data if the previous step was a success.

* Steps 2-4 of the application's Wizard are not available in the automatic mode.
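To make the layered dependency described in the encryption section and in the Wizard stages concrete, here is an added model (written for this article; not Passcape's code and not CardSpace's real on-disk format): the two DPAPI layers are stood in for by keys derived from constructed user and machine secrets, the cipher is a stdlib-only HMAC-based construction, and the way the card key is combined with the PIN is an assumption of the model. It shows why a store copied to another machine, or a card with an unknown PIN, cannot be opened even when the user's own DPAPI layer is available.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    # HMAC-SHA256 counter-mode keystream, a stdlib-only stand-in for a block cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Encrypt-then-MAC; layout: nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Raises ValueError on a wrong key, modelling a failed DPAPI or PIN step
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key: cannot decrypt this layer")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def dpapi_key(secret, scope):
    # Stand-in for a DPAPI master key of "user" or "system" scope; not real DPAPI
    return hashlib.sha256(scope.encode() + secret).digest()

def pin_key(pin, salt):
    # PIN-derived key; the PBKDF2 parameters are an assumption of this model
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 20_000)

def build_store(user_secret, machine_secret, pin, private_claims):
    # Store Master Key: system DPAPI layer inside, user DPAPI layer outside
    master = os.urandom(32)
    wrapped = seal(dpapi_key(user_secret, "user"),
                   seal(dpapi_key(machine_secret, "system"), master))
    salt = os.urandom(16)
    # Card key derives from the store Master Key; private data additionally needs the PIN
    card_key = hmac.new(master, b"card" + salt, hashlib.sha256).digest()
    lock = hmac.new(card_key, pin_key(pin, salt), hashlib.sha256).digest()
    return {"master": wrapped, "salt": salt, "private": seal(lock, private_claims)}

def unlock_private_data(store, user_secret, machine_secret, pin):
    # Decryption order from the article: user DPAPI first, then system DPAPI, then the PIN
    master = unseal(dpapi_key(machine_secret, "system"),
                    unseal(dpapi_key(user_secret, "user"), store["master"]))
    card_key = hmac.new(master, b"card" + store["salt"], hashlib.sha256).digest()
    lock = hmac.new(card_key, pin_key(pin, store["salt"]), hashlib.sha256).digest()
    return unseal(lock, store["private"])
```

Calling unlock_private_data with a different machine secret fails at the system layer, and a wrong PIN fails at the card layer, which is the same place where the Wizard's step 6 has to succeed before step 7 can run.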

Network Password Recovery Wizard