+ *
+ * We don't worry too much if this doesn't work for some reason.
+ * Omitting this step still has _some_ privacy value (in that
+ * another user can test-hash things to confirm guesses as to
+ * where you might be connecting to, but cannot invert SHA-256 in
+ * the absence of any plausible guess). So we don't abort if we
+ * can't call CryptProtectMemory at all, or if it fails.