From: Andy Brown <a.brown@nexor.co.uk>
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Message Hash: b2659b63e19b0eab43741199cb4263f4b3705834155f6ce0e146fe72da603cfb
Message ID: <30CC1859.7C84@nexor.co.uk>
Reply To: <199512090815.DAA08976@opine.cs.umass.edu>
UTC Datetime: 1995-12-11 21:54:54 UTC
Raw Date: Tue, 12 Dec 1995 05:54:54 +0800
From: Andy Brown <a.brown@nexor.co.uk>
Date: Tue, 12 Dec 1995 05:54:54 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker...)
In-Reply-To: <199512090815.DAA08976@opine.cs.umass.edu>
Message-ID: <30CC1859.7C84@nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain
Futplex wrote:
> someone quoted:
> Microsoft Knowledge Base article Q102716 says:
> > Storage of the Passwords in the SAM Database
> [...]
> > The second encryption is decryptable by anyone who has access to the
> > double-encrypted password, the user's RID, and the algorithm. The second
> > encryption is used for obfuscation purposes.
>
> Anyone feel like putting together some sample plaintext/ciphertext pairs ?
This will be really difficult, and in practice rather pointless. NT does
not allow any user, priviliged or not, to gain access to any form (encrypted
or not) of the passwords. They are stored in a protected area of the system
registry that only the OS itself can access. The best that you can do is
to ask the OS whether a given username/password pair is valid or not, and it
took until version 3.51 before MS let you do even that!
Of course, rebooting the PC and inspecting the disk with another OS is not
an answer since in any decent environment you will not be able to march up
to the server with a floppy and hit the reset button!
- Andy
Return to December 1995
Return to “SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>”