One Day Sec

What is DPAPI and why is the MasterKey critical for decrypting protected data on Windows?

DPAPI (Data Protection Application Programming Interface) is a Windows component used to encrypt sensitive data such as EFS files, wireless passwords, and credentials stored in Windows Credential Manager. The MasterKey is a 64-byte key that is required to decrypt DPAPI-protected blobs; it is stored in a Master Key file encrypted with the user's login password, SID, and a random salt. Obtaining the MasterKey is essential for an attacker to access encrypted user data, similar to how extracting password hashes from the SAM database enables credential theft (Penetration Techniques - Obtaining Local User Hashes via SAM Database).
Tags: DPAPI, MasterKey, data protection, encryption, Windows credential manager
