
Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker implemented as a Word Basic virus)



Dan Bailey writes:
# No, but they're doing something that makes me very uncomfortable:  As
# I read this, they're hashing the password and some other user
# information using MD4 then doing some proprietary permutations on
# that.  Given their record with security, I'd rather they used straight
# MD4, rather than throwing in something that we can't analyze.

I don't quite agree with the last part. It might be educational to do a spot
of cryptanalysis in an attempt to determine the nature of the proprietary
algorithm used. It wouldn't be "cracking" the password protection, but I
think the general effort to "out" proprietary crypto algorithms is productive,
particularly in the case of major software packages.

Microsoft Knowledge Base article Q102716 says:
> Storage of the Passwords in the SAM Database
[...]
> The second encryption is decryptable by anyone who has access to the 
> double-encrypted password, the user's RID, and the algorithm. The second 
> encryption is used for obfuscation purposes.

Anyone feel like putting together some sample plaintext/ciphertext pairs?

-Futplex <[email protected]>