When storing connection passwords, MS RDP provides the ability to store the password as either clear text or to encrypt it.
Thr resulting node in the file looks like
<logonCredentials inherit="None">
<userName>USER</userName>
<domain>DOMAIN</domain>
<password storeAsClearText="False">AQAdERjHoAwE/Cl+sBAAAA(...)zh</password>
</logonCredentials>
I'm wondering how secure is that encryption, and if the file can be shared among coworkers without someone being able to easily guess the password.
I'm guessing "not much" but I couldn't find exactly how that encrypted chain is generated.
Any idea? Thanks!
Best Answer
I don't know how the RemoteDesktopManager does it, but I assume it would be the same as how it stores it in a .RDP file.
CryptProtectData which (with the settings they used for RDP) only allows the string to be decrpyted on the same machine as the one that encrypted it due to the fact that it uses the unique ID of the the windows install as part of the encryption processes (the CRYPTPROTECT_LOCAL_MACHINE flag). So yes a attacker could decrypt your password, but they could only do it on the machine that stored the password, they can not do a "offline" attack.
Note this is all for
.RDPfiles. I have no way of knowing if Remote Desktop Manager does the same thing.