Brute-Forcing a Chrome Login Data file

Information Security Asked by Safwan on October 12, 2020

Say I have a "Login Data" Chrome file that is encrypted with the user’s Windows password. Is there a way I can brute-force the file and try to decrypt it using every password possible?

One Answer

Since chrome v80, chrome encrypts cookies and passwords using AES256-GCM with a randomly generated key. The key used for encryption is then encrypted with DPAPI and stored in the 'Local State' file in the user's chrome profile. However, the DPAPI is used in Local_Machine scope which means that any user on the computer where the encryption was done can decrypt the data (i.e. encryption does not rely on user's password at all). I am not sure exactly how the master key for encryption on Local_Machine is derived, but if I remember correctly, it uses environment specific variables.

What this means is that if you only have the "Login Data" file available, you will have to brute-force the 256 bit AES key, which is currently practically impossible. Even if you can get your hands on the user's "Local State" file you will still not be able to decrypt the key unless you can figure out and obtain all the environment specific variables DPAPI relies on. Your best bet would be to gain physical access to the system while any user is logged on and then decrypt the passwords using something like ChromePass

Correct answer by nobody on October 12, 2020

Add your own answers!

Related Questions

with Apple user verification

0  Asked on November 8, 2021


Whom should I report spam emails to?

1  Asked on November 6, 2021


How to secure my PHP url endpoints

1  Asked on November 6, 2021


Is there any alternative to nmap for UDP?

3  Asked on November 6, 2021


Arp poisoning doesn’t work with HTTPS navigation

1  Asked on October 28, 2021 by user13105993


PHP Blind XXE Exploitation: Invalid URI in Entity

1  Asked on October 28, 2021 by user3207874


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir