
question on Microsoft password encryption/local policy

1. How does Microsoft encrypt their passwords in the SAM? With a one-way hash function? Why is it so easy to crack the passwords once they are dumped?

2. What does the "store passwords with reversible encryption" setting in local policy do?
Thanks
0
dissolved
1 Solution
 
Nirmal Sharma (Solution Architect) Commented:
>>>1. How does Microsoft encrypt their passwords in the SAM? With a one-way hash function? Why is it so easy to crack the passwords once they are dumped?

Why do you want to know that?

>>>2. What does the "store passwords with reversible encryption" setting in local policy do?

This security setting determines whether the operating system stores passwords using reversible encryption.

This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.

This policy is required when using Challenge-Handshake Authentication Protocol (CHAP) authentication through remote access or Internet Authentication Services (IAS). It is also required when using Digest Authentication in Internet Information Services (IIS).

Ref: -  http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/eeff044c-d4a8-4699-a4b8-c5e563118c93.mspx

I think you are more familiar with this.

Let me know your requirements regarding this.
0
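Why CHAP needs the password in recoverable form, as an added example that is not part of the original thread or Microsoft's code: RFC 1994 defines the CHAP response as MD5(Identifier || secret || Challenge), so the server must hold the same secret the user types. The class and function names, the sample password, and the SHA-256 stand-in for a one-way stored hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side (hypothetical name). `stored` is what the account database holds."""

    def __init__(self, stored: bytes):
        self.stored = stored
        self.identifier = 0
        self.challenge = b""

    def issue_challenge(self):
        # A fresh random challenge per attempt prevents replay of old responses.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, response: bytes) -> bool:
        # The server recomputes the response from its own copy of the secret.
        expected = chap_response(self.identifier, self.stored, self.challenge)
        return hmac.compare_digest(expected, response)


def run_exchange(stored: bytes, typed_password: bytes) -> bool:
    """One full CHAP round: challenge, peer response, server verification."""
    server = Authenticator(stored)
    ident, chal = server.issue_challenge()
    peer_reply = chap_response(ident, typed_password, chal)  # client side
    return server.verify(peer_reply)


PASSWORD = b"Constructed-Sample-1"           # constructed sample value
ONE_WAY = hashlib.sha256(PASSWORD).digest()  # stand-in one-way hash, not the SAM format

if __name__ == "__main__":
    print("server stores recoverable password:", run_exchange(PASSWORD, PASSWORD))
    print("server stores only a one-way hash: ", run_exchange(ONE_WAY, PASSWORD))
```

With only a one-way hash on file, the server cannot rebuild the expected response even for the correct password, which is why the policy text ties reversible storage to CHAP and Digest Authentication.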
 
dissolved (Author) Commented:
>>>Why you want to know that?
Why not? ;-)
I'm doing password auditing. Just trying to figure out why an alphanumeric password was so easily cracked. I'm guessing the security tool is applying the same encryption algorithm to the stored passwords in the SAM?


>>This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes.

You wouldn't happen to know if Dell's remote access cards use CHAP authentication, would you? They are PCI add-in cards with Ethernet and RJ11 connections.

Thanks
0
 
Nirmal Sharma (Solution Architect) Commented:
I am out of office and will post on this Saturday.

Thanks
0

 
dissolved (Author) Commented:
Thanks man. Reply whenever you're back in the office. Giving you full credit for this since you did answer the majority of my question.
Thanks again! Always a help
0
 
dissolved (Author) Commented:
Well, you never responded, man?
0
 
Nirmal Sharma (Solution Architect) Commented:
I was really not in a good state of mind for 20-30 days. You can see my record at EE. I didn't respond to any questions which I got through e-mail. For the past three or four days I have started back on things. I am really sorry for my words.

Now please let me know if you want to proceed further on this.

Thanks for your support.
SystmProg
0
 
dissolved (Author) Commented:
Understood bro. No love lost. Hope things look up for you. Keep ya head up
0
