1995-12-13 - NT Password Security Update. Registry values changed!

Header Data

From: Ted Cabeen <cabeen@netcom.com>
To: cypherpunks@toad.com
Message Hash: a137a92401a186634db2e4e73d3e33042f2a8d7abf2c913c92772c4658b617fa
Message ID: <2.2b7.32.19951213071131.00316644@netcom14.netcom.com>
Reply To: N/A
UTC Datetime: 1995-12-13 06:13:22 UTC
Raw Date: Wed, 13 Dec 1995 14:13:22 +0800

Raw message

From: Ted Cabeen <cabeen@netcom.com>
Date: Wed, 13 Dec 1995 14:13:22 +0800
To: cypherpunks@toad.com
Subject: NT Password Security Update.  Registry values changed!
Message-ID: <2.2b7.32.19951213071131.00316644@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, I did some more research into the NT password security issue and I
discovered that I can get access to the Security section of the registry and
there are some VERY interesting values there, stored as raw hex.  I created
a test user and checked the values of these registry keys with two different
passwords and iterestingly enough the data in the keys changed when I
changed the password.  I plan on doing some more work, including changing
the values and seeing if the password change, but I've been somewhat busy
lately.  I've st up a web page at 

http://shadowland.rh.uchicago.edu/ntcrypto.html 

that has the password I used and the data in the two registry values that
changed when I changed the password.  I invite people to look at it and
speculate what the change means.  Also, I can provide a few more
plaintext/cyphertext pairs if necessary.  The change in the values could be
something like update time, but I don't think that they'd store that as raw
hex, espically hex as long as the stuff I got.  Good luck figuring it out.
_____________________________________________________________________________
Ted Cabeen                                                  cabeen@netcom.com
Finger for PGP Public Key                        secabeen@midway.uchicago.edu
"I have taken all knowledge to be my province."            cococabeen@aol.com






Thread