[45196] in Cypherpunks
Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL
daemon@ATHENA.MIT.EDU (Ted Cabeen)
Mon Dec 11 19:20:28 1995
Date: Mon, 11 Dec 1995 13:43:29 -0800
To: cypherpunks@toad.com
From: Ted Cabeen <cabeen@netcom.com>
At 11:39 AM 12/11/95 +0000, you wrote:
>Futplex wrote:
>> someone quoted:
>> Microsoft Knowledge Base article Q102716 says:
>> > Storage of the Passwords in the SAM Database
>> [...]
>> > The second encryption is decryptable by anyone who has access to the
>> > double-encrypted password, the user's RID, and the algorithm. The second
>> > encryption is used for obfuscation purposes.
>>
>> Anyone feel like putting together some sample plaintext/ciphertext pairs ?
>
>This will be really difficult, and in practice rather pointless. NT does
>not allow any user, priviliged or not, to gain access to any form (encrypted
>or not) of the passwords. They are stored in a protected area of the system
>registry that only the OS itself can access. The best that you can do is
>to ask the OS whether a given username/password pair is valid or not, and it
>took until version 3.51 before MS let you do even that!
I took a quick look in my NT registry and you can get access to the Account
Manager section of the registry by manually changing the permissions and
giving yourself access. I didn't have the time to look at all of the
entries in the registry, but there's a lot of stuff there and I wouldn't be
suprised if the encryted passwords were available. Of course, you have to
be an administrator to change the permissions, but it is possible.
_____________________________________________________________________________
Ted Cabeen cabeen@netcom.com
Finger for PGP Public Key secabeen@midway.uchicago.edu
"I have taken all knowledge to be my province." cococabeen@aol.com
