1995-11-03 - Re: Win95 password caching

Header Data

From: Joel McNamara <joelm@eskimo.com>
To: llurch@networking.stanford.edu (Rich Graves)
Message Hash: 3637a4f7aba8098da633ab54d000fe1739629f2cdf3a3e46930c1cb017a2d5d8
Message ID: <199511030120.RAA06496@mail.eskimo.com>
Reply To: N/A
UTC Datetime: 1995-11-03 02:25:34 UTC
Raw Date: Fri, 3 Nov 1995 10:25:34 +0800

Raw message

From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 3 Nov 1995 10:25:34 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Win95 password caching
Message-ID: <199511030120.RAA06496@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


I was under the impression that MS used some variation of DES for encrypting
the password lists (obviously much more secure than the nonsense XOR
encryption used for the screen savers).

Joel

>This was not the question. He wants to prevent local Windows passwords
>from being created for network-only users. This is a serious security
>issue, because if a user enters her real network password for the Windows
>password, and someone else later picks up the .PWL files, which are not
>encrypted in a particularly secure way, then someone can get unauthorized
>access to the network as the previous user(s).






Thread