> The Win32 API provides such service. Although in the past it was found > that its encryption was rather weak Microsoft claims to have fixed it, > no one else has claimed otherwise, and its better than nothing. Since this allows the encryption of user data and Microsoft ist U.S. based , the algorithm _must_ be weak. Otherwise they could have used just RC4 with the password as key instead of RC4 with a 32 bit(!) hash of the password. This is not Microsoft stupidity but U.S. government stupidity. With today's CPU power 32 bit of key is not better than nothing. I could brute force that in one week with my single PC. Olaf
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:10 PDT