Home page logo

basics logo Security Basics mailing list archives

RE: Cached Password concern
From: "Zachary Mutrux" <zmutrux () compumentor org>
Date: Tue, 2 Dec 2003 09:37:39 -0800

There was a thread on this not long ago, IIRC. The credentials are stored
using an irreversible (read: impractical to reverse) one-way hash. If a DC
is not available when the user logs in, the credentials that are entered are
hashed and compared with the cached hash. If they match the user is logged

From what I understand it is not practical to recover the admin password
from cached credentials. There are better ways to crack a system if that's
what you're after.

If this is in error, please correct me.


-----Original Message-----
From: sunny budd [mailto:sunnybudd () hotmail com]
Sent: Monday, December 01, 2003 2:56 AM
To: security-basics () securityfocus com
Subject: Cached Password concern

Hi all

I am working on a laptop users security policy and I have a concern about
cached domain user credentials in Windows 2000 SP4 as We use our domain
admin password to logon to laptops while they are being built.  I
would like
to recommend against this practice but need some information on
how easy it
is to extract this stuff from a stolen laptop.  I have heard that these
passwords are protected by "syskey" and are impossible to
extract.  Is this
true or does anyone know how to get at these passwords?


Find a cheaper internet access deal - choose one to suit you.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]