These are encrypted using a one-way hash; hence, the encryption is
irreversible by definition.
Fred Langston, CISSP
Senior Principal Consultant
W: 206.903.8147 x223 F: 206.903.1862 M: 425.765.3330
Seattle, WA www.Guardent.com
________________________________________
G U A R D E N T
Enterprise Security and Privacy Programs
-----Original Message-----
From: Zachary Mutrux [mailto:zmutrux (at) compumentor (dot) org [email concealed]]
Sent: Friday, September 05, 2003 10:31 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: focus-ms (at) securityfocus (dot) com [email concealed]
Thank you, Brian.
> "irreversibly"?
So the credentials are encrypted and stored in the registry after you
successfully authenticate to a domain controller. Then when a domain
controller is not available, you submit your credentials again, they are
encrypted again, and they are compared with the encrypted copy that is
cached. If they match, you get in.
It does seem to me that anything that can be encrypted can be decrypted.
Especially if the same method results in two encrypted copies that can be
compared. Does anyone disagree?
Zac
> -----Original Message-----
> From: Perry, Brian [mailto:Brian.Perry (at) phns (dot) com [email concealed]]
> Sent: Thursday, September 04, 2003 7:32 AM
> To: Paulo Wilbert; Kim Oppalfens; simonis (at) myself (dot) com [email concealed]; fala83 (at) libero (dot) it [email concealed]
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]; todd (at) toddschubert (dot) com [email concealed]
> Subject: RE: focus-ms (at) securityfocus (dot) com [email concealed]
>
>
> If I may....Quoting MS Security Resource Kit... pg.79
>
> Cached Credentials
> "By default, Windows NT, Windows 2000, and Windows XP cache the
> credentials of domain accounts used to log on to the network at the
> local computer. The credentials include the users name, password, and
> domain. Rather than storing the actual credential information, the
> information is stored in an irreversibly encrypted form and on the
> local computer."
>
> "irreversibly"?
>
> bp
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security
Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
irreversible by definition.
Fred Langston, CISSP
Senior Principal Consultant
W: 206.903.8147 x223 F: 206.903.1862 M: 425.765.3330
Seattle, WA www.Guardent.com
________________________________________
G U A R D E N T
Enterprise Security and Privacy Programs
-----Original Message-----
From: Zachary Mutrux [mailto:zmutrux (at) compumentor (dot) org [email concealed]]
Sent: Friday, September 05, 2003 10:31 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: focus-ms (at) securityfocus (dot) com [email concealed]
Thank you, Brian.
> "irreversibly"?
So the credentials are encrypted and stored in the registry after you
successfully authenticate to a domain controller. Then when a domain
controller is not available, you submit your credentials again, they are
encrypted again, and they are compared with the encrypted copy that is
cached. If they match, you get in.
It does seem to me that anything that can be encrypted can be decrypted.
Especially if the same method results in two encrypted copies that can be
compared. Does anyone disagree?
Zac
> -----Original Message-----
> From: Perry, Brian [mailto:Brian.Perry (at) phns (dot) com [email concealed]]
> Sent: Thursday, September 04, 2003 7:32 AM
> To: Paulo Wilbert; Kim Oppalfens; simonis (at) myself (dot) com [email concealed]; fala83 (at) libero (dot) it [email concealed]
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]; todd (at) toddschubert (dot) com [email concealed]
> Subject: RE: focus-ms (at) securityfocus (dot) com [email concealed]
>
>
> If I may....Quoting MS Security Resource Kit... pg.79
>
> Cached Credentials
> "By default, Windows NT, Windows 2000, and Windows XP cache the
> credentials of domain accounts used to log on to the network at the
> local computer. The credentials include the users name, password, and
> domain. Rather than storing the actual credential information, the
> information is stored in an irreversibly encrypted form and on the
> local computer."
>
> "irreversibly"?
>
> bp
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security
Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
[ reply ]