Criptografia PST do Outlook 2010 Algoirthm

Os PSTs não são criptografados da maneira que você pensa. Eles não usam um esquema de criptografia padrão, mas um esquema personalizado. Da especificação do PST. link

4.1 Strength of Encoded PST Data Blocks

This protocol uses two keyless cipher algorithms to encode the data blocks in the PST. These algorithms only provide data obfuscation and can be conveniently decoded once the exact encoding algorithm is understood.

Moreover, only end-user data blocks are encoded in the PST. All the other infrastructure information, including the header, allocation metadata pages and BTree pages are stored without obfuscation.

In summary, the strength of the encoded PST data blocks provides no additional security beyond data obfuscation.

4.2 Strength of PST Password

The PST Password, which is stored as a property value in the Message store, is a superficial mechanism that requires the client implementation to enforce the stored password. Because the password itself is not used as a key to the encoding and decoding cipher algorithms, it does not provide any security benefit to preventing the PST data to be read by unauthorized parties.

Moreover, the password is stored as a CRC-32 hash of the original password string, which is prone to collisions and is relatively weak against a brute-force approach.

A Microsoft diz

We recommend that you use Encrypting File System (EFS) or Windows BitLocker Drive Encryption to help secure the data in a .pst file. The Compressible Encryption and High Encryption options provide only a basic level of security.

do link

Wikipédia, homem:

Microsoft (MS) offers three values for the encryption setting: none, compressible, and high. None encryption is easy because the .pst file contains data in plaintext, and a simple text editor will show the contents.

Compressible encryption is a simple byte-substitution cipher with a fixed substitution table. Of course, since the table is fixed, it is also widely known. Attackers can simply decipher the data and see the computer's plaintext.

High (sometimes called "better") encryption is similar to a WWII German Enigma cipher with three fixed rotors, which are widely known. If the key, which is the value of an internal identifier, is known, attackers can simply decipher the data and see the computer's plaintext.

Então, isso é algo que você está tentando fazer para uso doméstico ou está tentando distribuir criptografia para seus usuários? Por que especificamente apenas para seus arquivos PST; que problema específico você está tentando resolver?