I'm using the Windows DPAPI to encrypt some sensitive data for me. The cipher is stored in the registry. This all works well, but I was wondering if someone could clarify my understanding of the 'entropy' bytes that are (optionally) supplied to ProtectedData.Protect() in .NET.
The 'entropy' byte array appears to be analogous to an initialization vector or salt used with other cryptography schemes, but I could not see a good description of the entropy bytes in MSDN. The code samples I've seen just hard code in the entropy bytes!
Are the entropy bytes supplied to ProtectedData.Protect() & ProtectedData.Unprotect analogous to an IV or salt? Can the entropy bytes therefore be stored safely alongside the cipher, or would that compromise security?
Entropy is a secondary key that is specific to the application that is protecting data. The general idea, if I remember correctly, was to allow multiple applications to encrypt data under a single user account, but still maintain security between each other. For example, Your application may encrypt data under UserA. If My application wished to decrypt that data under UserA, there really isn't anything to stop my from doing so, as the DPAPI uses the users key. However, if you factor in an application specific "entropy", then I would need to know your entropy to decrypt any data to protect for UserA.
Entropy could be considered analogous to salt, in that it is an additional key or secret used to further abstract the encrypted content. Unlike salt, your application's entropy would need to remain the same for every encryption operation under a given credential. With salt, its generally best to change it as often as you can.
Entropy is essentially an additional key, and it should be treated like any other cryptographic key. Keep it private and secure.
BTW, I think 'entropy' was an atrocious word to use for this purpose. Something like 'differentiator', or perhaps even coining a word like 'distinctifier', would have been better. :P Very confusing term use.
It's useful if you want to password protect the application itself. The password (or another key generated and encrypted with the password so that application data doesn't need to be re-enceypted when the password is changed) can be used as entropy while storing application data.