Penetration Testing mailing list archives
RE: Windows XP salted hashed verification of domain passwords
From: Matthew Webster <awakenings () mindspring com>
Date: Mon, 5 Mar 2007 07:17:23 -0500 (GMT-05:00)
Michael, Yes, I am aware of the difficulties. I want to find out, can it be done? How effective would a brute force attack be? What is the risk? Thanks, Matt -----Original Message-----
From: Michael Hendrickx <Michael.Hendrickx () du ae> Sent: Mar 5, 2007 1:42 AM To: Matthew Webster <awakenings () mindspring com>, pen-test <pen-test () securityfocus com> Subject: RE: Windows XP salted hashed verification of domain passwords Dear, MD4 is a one way hash, though cryptographic collisions are found against it, the clear text password cannot be derived straight away, unless a brute force attack is performed against the hashes. Thanks, Michael Hendrickx Senior Applications & Systems Analyst - Enterprise IT Security Technology security & Risk Management Emirates Integrated Telecommunications Company, PJSC P.O. Box 502666, Dubai, U.A.E. Tel (Dir) : +971 4 3693919 Fax : +971 4 3604414 www.du.ae -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Matthew Webster Sent: Saturday, March 03, 2007 12:12 AM To: pen-test Subject: Windows XP salted hashed verification of domain passwords Folks, For domain accounts, the passwords are not kept on a system. The verification is salted and hashed with md4 twice. I am trying to assess the following risks. 1) What is the danger that that verification could be misused on another system? 2) From that salted, hashed verification, can the password be derived? How likely is this? Also, how would one perform a pen test against those salted, hashed verifications? Lets assume in the registry no one was ignorant enough to put the registry key which provides the password. Thanks, Matt ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 00000008bOW ------------------------------------------------------------------------ This email and any attachments may contain confidential information. If you or your organization are not the intended recipient and have received them in error, please delete them and contact du. If the content of this email does not relate to du's business, du does not endorse it. Without exception, du does not enter into agreements by exchange of emails and nothing in this mail shall be construed or interpreted as binding du or creating any obligation on behalf of du. You should check attachments for viruses before opening. Authorised, issued and fully paid up share capital of AED 4 billion Commercial Licence No. 576513; Commercial Registration No. 77967
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Windows XP salted hashed verification of domain passwords Matthew Webster (Mar 04)
- RE: Windows XP salted hashed verification of domain passwords Michael Hendrickx (Mar 05)
- Re: Windows XP salted hashed verification of domain passwords Security Guy (Mar 05)
- RE: Windows XP salted hashed verification of domain passwords Javier Jarava (Mar 09)
- Re: Windows XP salted hashed verification of domain passwords Tim (Mar 05)
- <Possible follow-ups>
- RE: Windows XP salted hashed verification of domain passwords Matthew Webster (Mar 05)
- RE: Windows XP salted hashed verification of domain passwords Michael Hendrickx (Mar 05)