dissolved
asked on
question on Microsoft password encryption/local policy
1. How does Microsoft encrypt their passwords in the SAM? With a one-way hash function? Why is it so easy to crack the passwords once they are dumped?
2. What does the "store passwords with reversible encryption" setting in local policy do?
thanks
ASKER
>>>Why do you want to know that?
Why not? ;-)
I'm doing password auditing. Just trying to figure out why an alphanumeric password was so easily cracked. I'm guessing the security tool is applying the same encryption algorithm to the stored passwords in the SAM?
>>This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes.
You wouldn't happen to know if Dell's remote access cards use CHAP authentication, would you? They are PCI add-in cards with Ethernet and RJ11 connections.
Thanks
ASKER
Thanks man. Reply whenever you're back in the office. Giving you full credit for this since you did answer the majority of my question.
Thanks again! Always a help
ASKER
well, you never responded man?
I was really not in a good state of mind for 20-30 days. You can see my record at EE. I didn't respond to any question which I got through e-mail. For the past three or four days I have started back on things. I am really sorry for my words.
Now please let me know if you want to proceed further on this.
Thanks for your support.
SystmProg
ASKER
Understood bro. No love lost. Hope things look up for you. Keep ya head up.
Why do you want to know that?
>>>2. What does the "store passwords with reversible encryption" setting in local policy do?
This security setting determines whether the operating system stores passwords using reversible encryption.
This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.
This policy is required when using Challenge-Handshake Authentication Protocol (CHAP) authentication through remote access or Internet Authentication Services (IAS). It is also required when using Digest Authentication in Internet Information Services (IIS).
Ref: - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/eeff044c-d4a8-4699-a4b8-c5e563118c93.mspx
I think you are more familiar with this.
Let me know your requirements with regard to this.
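
Added example, not part of the original thread: a minimal CHAP exchange (response computed as in RFC 1994) showing why the answer above says CHAP needs a recoverable password. The server has to feed the cleartext secret into the same MD5 computation as the client, so a server holding only a one-way hash cannot verify the response. The sample password and the SHA-256 stand-in for "a one-way hash" are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier: int, stored_secret: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """Recompute the response from whatever the server has stored for the user."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> tuple:
    password = b"Example-Passw0rd"   # constructed sample password
    identifier = 1                   # CHAP Identifier octet
    challenge = os.urandom(16)       # server-chosen random challenge

    # Client side: the user's password is hashed together with the challenge.
    response = chap_response(identifier, password, challenge)

    # Server A can recover the cleartext password (reversible encryption enabled).
    ok_recoverable = server_verify(identifier, password, challenge, response)

    # Server B kept only a one-way hash. SHA-256 is a stand-in here (assumption),
    # not the hash Windows stores in the SAM.
    one_way = hashlib.sha256(password).digest()
    ok_hash_only = server_verify(identifier, one_way, challenge, response)

    return ok_recoverable, ok_hash_only


if __name__ == "__main__":
    print(demo())
```

The same constraint is what makes the stored value as sensitive as the plaintext: anything the server can turn back into the password, so can whoever obtains the server's store and key.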