[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker implemented as a Word Basic virus)
Dan Bailey writes:
# No, but they're doing something that makes me very uncomfortable: As
# I read this, they're hashing the password and some other user
# information using MD4 then doing some proprietary permutations on
# that. Given their record with security, I'd rather they used straight
# MD4, rather than throwing in something that we can't analyze.
I don't quite agree with the last part. It might be educational to do a spot
of cryptanalysis in an attempt to determine the nature of the proprietary
algorithm used. It wouldn't be "cracking" the password protection, but I
think the general effort to "out" proprietary crypto algorithms is productive,
particularly in the case of major software packages.
Microsoft Knowledge Base article Q102716 says:
> Storage of the Passwords in the SAM Database
[...]
> The second encryption is decryptable by anyone who has access to the
> double-encrypted password, the user's RID, and the algorithm. The second
> encryption is used for obfuscation purposes.
Anyone feel like putting together some sample plaintext/ciphertext pairs ?
-Futplex <[email protected]>