[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker...)

To: Cypherpunks Mailing List <[email protected]>
Subject: Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker...)
From: Andy Brown <[email protected]>
Date: Mon, 11 Dec 1995 11:39:05 +0000
Organization: NEXOR Ltd
References: <[email protected]>
Sender: [email protected]

Futplex wrote:
> someone quoted:
> Microsoft Knowledge Base article Q102716 says:
> > Storage of the Passwords in the SAM Database
> [...]
> > The second encryption is decryptable by anyone who has access to the
> > double-encrypted password, the user's RID, and the algorithm. The second
> > encryption is used for obfuscation purposes.
> 
> Anyone feel like putting together some sample plaintext/ciphertext pairs ?

This will be really difficult, and in practice rather pointless.  NT does
not allow any user, priviliged or not, to gain access to any form (encrypted
or not) of the passwords.  They are stored in a protected area of the system
registry that only the OS itself can access.  The best that you can do is
to ask the OS whether a given username/password pair is valid or not, and it
took until version 3.51 before MS let you do even that!

Of course, rebooting the PC and inspecting the disk with another OS is not
an answer since in any decent environment you will not be able to march up
to the server with a floppy and hit the reset button!

- Andy

References:
- Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker implemented as a Word Basic virus)
  - From: [email protected] (Futplex)

Prev by Date: Re: Timing Cryptanalysis Attack
Next by Date: Re: Netscape announces position against GAK
Prev by thread: Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker implemented as a Word Basic virus)
Next by thread: Re: Windows .PWL cracker implemented as a Word Basic virus
Index(es):
- Date
- Thread