From: futplex@pseudonym.com (Futplex)
Date: Sat, 9 Dec 95 00:14:32 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker implemented as a Word Basic virus)
In-Reply-To: <199512090547.FAA21624@pop01.ny.us.ibm.net>
Message-ID: <199512090815.DAA08976@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dan Bailey writes:
# No, but they're doing something that makes me very uncomfortable:  As
# I read this, they're hashing the password and some other user
# information using MD4 then doing some proprietary permutations on
# that.  Given their record with security, I'd rather they used straight
# MD4, rather than throwing in something that we can't analyze.

I don't quite agree with the last part. It might be educational to do a spot
of cryptanalysis in an attempt to determine the nature of the proprietary
algorithm used. It wouldn't be "cracking" the password protection, but I
think the general effort to "out" proprietary crypto algorithms is productive,
particularly in the case of major software packages.

Microsoft Knowledge Base article Q102716 says:
> Storage of the Passwords in the SAM Database
[...]
> The second encryption is decryptable by anyone who has access to the 
> double-encrypted password, the user's RID, and the algorithm. The second 
> encryption is used for obfuscation purposes.

Anyone feel like putting together some sample plaintext/ciphertext pairs ?

-Futplex <futplex@pseudonym.com>