Protected storage (PStore) uses a lower-quality cryptographic function when the system locale is set to French (France) on a Microsoft Windows-based computer. Data Protection API (DPAPI) functions are not affected.
This issue occurs because Microsoft implemented the PStore feature in Windows during the 1990s when French law prohibited the supply of products that contain encryption capabilities without prior authorization from the French government. The French review process was very detailed and would have led to a significant delay for the release of Windows in France. To make sure that the product was available to the French market in a synchronized manner with all locales, Microsoft chose to disable the encryption of Protected Storage by using a single, fixed encryption key for the French locale. With the relaxation of French encryption regulations late in 1999, the fixed encryption key for PStore is no longer necessary for the French locale. However, the fixed encryption key has not been removed from PStore.
September 25th, 2008 § 0 comments