1995-12-11 - Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker…)

Header Data

From: Andy Brown <a.brown@nexor.co.uk>
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Message Hash: b2659b63e19b0eab43741199cb4263f4b3705834155f6ce0e146fe72da603cfb
Message ID: <30CC1859.7C84@nexor.co.uk>
Reply To: <199512090815.DAA08976@opine.cs.umass.edu>
UTC Datetime: 1995-12-11 21:54:54 UTC
Raw Date: Tue, 12 Dec 1995 05:54:54 +0800

Raw message

From: Andy Brown <a.brown@nexor.co.uk>
Date: Tue, 12 Dec 1995 05:54:54 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker...)
In-Reply-To: <199512090815.DAA08976@opine.cs.umass.edu>
Message-ID: <30CC1859.7C84@nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Futplex wrote:
> someone quoted:
> Microsoft Knowledge Base article Q102716 says:
> > Storage of the Passwords in the SAM Database
> [...]
> > The second encryption is decryptable by anyone who has access to the
> > double-encrypted password, the user's RID, and the algorithm. The second
> > encryption is used for obfuscation purposes.
> 
> Anyone feel like putting together some sample plaintext/ciphertext pairs ?

This will be really difficult, and in practice rather pointless.  NT does
not allow any user, privileged or not, to gain access to any form (encrypted
or not) of the passwords.  They are stored in a protected area of the system
registry that only the OS itself can access.  The best that you can do is
to ask the OS whether a given username/password pair is valid or not, and it
took until version 3.51 before MS let you do even that!

Of course, rebooting the PC and inspecting the disk with another OS is not
an answer since in any decent environment you will not be able to march up
to the server with a floppy and hit the reset button!


- Andy
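Editor's added example, not part of Andy's message or the quoted KB article: the "ask the OS whether a given username/password pair is valid" route, done from PowerShell through the Win32 LogonUser call. That LogonUser is the API the message alludes to is my assumption; the account name and password in the call at the bottom are placeholders, not real credentials.

```powershell
# Added example (not from the original message): validate a username/password
# pair by asking the OS through the Win32 LogonUser API, rather than trying to
# read anything out of the SAM.
# Assumptions: Windows, PowerShell 5.1 or later; the account used at the bottom
# is hypothetical.

Add-Type -Namespace Win32 -Name Logon -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(
    string lpszUsername, string lpszDomain, string lpszPassword,
    int dwLogonType, int dwLogonProvider, out IntPtr phToken);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

function Test-LocalCredential {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [string] $Domain = '.',              # '.' = the local machine's SAM
        [Parameter(Mandatory)] [string] $Password
    )
    $LOGON32_LOGON_NETWORK    = 3            # does not need the interactive-logon right
    $LOGON32_PROVIDER_DEFAULT = 0
    $ERROR_LOGON_FAILURE      = 1326         # "unknown user name or bad password"

    $token = [IntPtr]::Zero
    $ok = [Win32.Logon]::LogonUser($UserName, $Domain, $Password,
                                   $LOGON32_LOGON_NETWORK, $LOGON32_PROVIDER_DEFAULT,
                                   [ref] $token)
    if ($ok) {
        # A valid pair yields a token; release it, we only wanted the yes/no.
        [void][Win32.Logon]::CloseHandle($token)
        return $true
    }

    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    if ($err -ne $ERROR_LOGON_FAILURE) {
        # Disabled/locked/expired accounts, logon-hour restrictions etc. come back
        # with other codes: those say nothing about whether the password was right.
        Write-Warning "LogonUser failed with Win32 error $err (not a plain bad-password result)"
    }
    return $false
}

# Placeholder call with a hypothetical local account:
Test-LocalCredential -UserName 'alice' -Password 'NotThePassword'
```

Each call is a real logon attempt: a wrong guess counts against the account lockout threshold and, with logon auditing enabled, is recorded as a failed logon, so this is an oracle for confirming a credential you already hold, not a cracking primitive. The password travels as a plain .NET string here; for anything beyond a quick check, take it from Get-Credential (`$cred.GetNetworkCredential().Password`) rather than typing it into a script.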
