Python win32crypt.CryptProtectData difference between 2.5 and 3.1?

Question

I'm trying to hash a password to dump into a .rdp file. I found a site that (more or less) shows how to do that here but it doesn't work in 3.1.

In 2.5.4 I get this:

>>> import win32crypt
>>> import binascii
>>> pwdHash = win32crypt.CryptProtectData(u"password",u'psw',None,None,None,0)
>>> print str(binascii.hexlify(pwdHash)).upper()
01000000D08C9DDF0115D1118C7A00C04FC297EB010000007E9E... blah, blah blah

In 3.1 I get this (everything's unicode in 3.1 so just ditch the u" right?):

>>> pwdHash = win32crypt.CryptProtectData("password",'psw',None,None,None,0)
Traceback (most recent call last):
  File "<pyshell#19>", line 1, in <module>
    pwdHash = win32crypt.CryptProtectData("password",'psw',None,None,None,0)
TypeError: expected an object with a buffer interface

OK, I've seen that error before and usually that just means I need to convert to bytes first, so:

>>> pwdHash = win32crypt.CryptProtectData("password".encode(),'psw',None,None,None,0)
>>> print(str(binascii.hexlify(pwdHash)).upper())
B'01000000D08C9DDF0115D1118C7A00C04FC297EB010000007E9E... blah, blah, blah
>>>

Which seems all well and good but that doesn't work when you dump that hexed value into an .rdp file, I can only assume that's because it isn't a hex-crypt of the unicode string 'password' but a hex-crypt of the bytes 'password'. I've attempted a .decode() but that does just what you'd expect and makes the hex-crypt bytes into a string, it doesn't give you the hex-crypt string for the original unicode string.

I've googled like crazy for any info on the win32crypt.CryptProtectData and I can't find any useful information on why it now requires a bytes or buffer object instead of a string.

Can anybody help?
(or does anyone know of an easier way to feed a password into a Remote Desktop session I'm opening programatically through Python? hehe)

Answer 1

Use "password".encode('utf-16-le') instead.