Re: Windows95 "Security"

On Fri, 1 Dec 1995, Laszlo Vecsey wrote:

> Where is the password data file kept?

A separate password file is kept for each "user" in:


.PWL files are weakly encrypted with the "default login" password. Once 
you decrypt them, they contain cleartext passwords for every other 
password-protected resource accessed by that user (network servers, 
screen savers, dial-up networking, possibly .PWL-enabled encryption 

Somebody supposedly posted code for decrypting .PWL files to sci.crypt.

.PWL files are persistent, i.e., Joe "logs on," saves a couple passwords, 
"logs off," then Judy comes by, hits Escape or various other trivial 
tricks to avoid the need to "log on," picks up Joe's .PWL file, and 
cracks it at her leisure.

Each "user" also gets an unencrypted "profile" that gives all application

Anyone who treats Win95 as if it were a multiuser system is an idiot.