RE: Cached Password concern

["Zachary Mutrux" <zmutrux () compumentor org>]

There was a thread on this not long ago, IIRC. The credentials are stored
using an irreversible (read: impractical to reverse) one-way hash. If a DC
is not available when the user logs in, the credentials that are entered are
hashed and compared with the cached hash. If they match the user is logged
in.

> From what I understand it is not practical to recover the admin password
from cached credentials. There are better ways to crack a system if that's
what you're after.

If this is in error, please correct me.

zm

> -----Original Message-----
> From: sunny budd [mailto:sunnybudd () hotmail com]
> Sent: Monday, December 01, 2003 2:56 AM
> To: security-basics () securityfocus com
> Subject: Cached Password concern
>
>
> Hi all
>
> I am working on a laptop users security policy and I have a concern about
> cached domain user credentials in Windows 2000 SP4 as We use our domain
> admin password to logon to laptops while they are being built.  I
> would like
> to recommend against this practice but need some information on
> how easy it
> is to extract this stuff from a stolen laptop.  I have heard that these
> passwords are protected by "syskey" and are impossible to
> extract.  Is this
> true or does anyone know how to get at these passwords?
>
> Thanks,
> S
>
> _________________________________________________________________
> Find a cheaper internet access deal - choose one to suit you.
> http://www.msn.co.uk/internetaccess
>
>
> ------------------------------------------------------------------
> ---------
> ------------------------------------------------------------------
> ----------


---------------------------------------------------------------------------
----------------------------------------------------------------------------