sysreq2000
asked on
How secure are Service Credential Passwords?
I've been doing some password strength auditing and one possible security hole that occurred to me was user credentials stored by services. I know that NTLM hashes are weak and easily cracked by rainbow tables, etc., but how are the passwords stored in the registry by a service?
For example, it's common for people to use an administrator account for Log On across the network where Local System Account won't do. I know these passwords are stored in an encrypted part of the registry, but what type of encryption is used? Are they as vulnerable as NTLM hashes?
ASKER
Hi bbao, thanks for the info. I was actually thinking more of passwords stored by services. For example, if you set a service to log on as an administrator rather than the default system account. In other words, when you click on the Log On tab and enter a Username and Password for the service to run as.
As far as I know that Username and Password are stored in the registry, and when the service runs, its copy of the Username and Password is tested against the SAM's copy for authentication.
I'm just wondering if that's another avenue for programs like John the Ripper to get passwords, in addition to the SAM database.
Pragmatically I'm wondering if we should treat backups of the registry (i.e. exported to a .reg file) with the same degree of security as we do, say, the repair directory or ERD disks, lest it fall into the wrong hands.
ASKER CERTIFIED SOLUTION
ASKER
Thanks!! That has me on the right track!
You may additionally secure the SAM database using the SYSKEY utility. The utility removes the encryption key from the Windows-based computer.
FYI
Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000
http://support.microsoft.com/kb/913485
Windows NT System Key Permits Strong Encryption of the SAM
http://support.microsoft.com/kb/143475
How to use the SysKey utility to secure the Windows Security Accounts Manager database
http://support.microsoft.com/kb/310105/
hope it helps,
bbao
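An added example, not part of the original thread, for the audit the asker describes: it reads a .reg export of the Services key and lists the services set to log on as a named account instead of a built-in one, using each service's `ObjectName` value. The sample export, the service names and the account names are constructed for illustration.

```python
import re

# Constructed sample of a regedit export of the Services key (not real data).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Type"=dword:00000110
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupAgent]
"Type"=dword:00000010
"ObjectName"="EXAMPLE\\Administrator"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupAgent\Parameters]
"ObjectName"="ignored subkey value"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReportSvc]
"Type"=dword:00000010
"ObjectName"=".\\svc_report"
'''

BUILTIN = {"localsystem", "nt authority\\system",
           "nt authority\\localservice", "nt authority\\networkservice"}
SERVICES = "\\currentcontrolset\\services\\"

def parse_services(reg_text):
    """Map each service name to the values stored directly under its key."""
    services, current = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(SERVICES)
            name = key[pos + len(SERVICES):] if pos >= 0 else ""
            # Skip subkeys such as <service>\Parameters.
            current = name if name and "\\" not in name else None
        elif current and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            services.setdefault(current, {})[m.group(1)] = m.group(2)
    return services

def named_account_services(reg_text):
    """List (service, account) pairs that log on as a non-built-in account."""
    hits = []
    for name, vals in sorted(parse_services(reg_text).items()):
        kind, obj = vals.get("Type", ""), vals.get("ObjectName", "")
        # Win32 services have Type bit 0x10 or 0x20 set; drivers do not.
        is_service = kind.startswith("dword:") and int(kind[6:], 16) & 0x30
        if not is_service or len(obj) < 2 or obj[0] != '"':
            continue
        account = re.sub(r"\\(.)", r"\1", obj[1:-1])  # undo .reg escaping
        low = account.lower()
        if low not in BUILTIN and not low.startswith("nt service\\"):
            hits.append((name, account))
    return hits
```

Files saved by regedit are normally UTF-16, so open a real export with `encoding="utf-16"` before passing its text to `named_account_services`.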