[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Windows95 "Security"
On Fri, 1 Dec 1995, Laszlo Vecsey wrote:
> Where is the password data file kept?
A separate password file is kept for each "user" in:
.PWL files are weakly encrypted with the "default login" password. Once
you decrypt them, they contain cleartext passwords for every other
password-protected resource accessed by that user (network servers,
screen savers, dial-up networking, possibly .PWL-enabled encryption
Somebody supposedly posted code for decrypting .PWL files to sci.crypt.
.PWL files are persistent, i.e., Joe "logs on," saves a couple passwords,
"logs off," then Judy comes by, hits Escape or various other trivial
tricks to avoid the need to "log on," picks up Joe's .PWL file, and
cracks it at her leisure.
Each "user" also gets an unencrypted "profile" that gives all application
Anyone who treats Win95 as if it were a multiuser system is an idiot.