PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Differences between MSCacheV1 and MSCacheV2

From: Adrian Crenshaw <irongeek () irongeek com>
Date: Sun, 14 Aug 2011 11:48:57 -0400
Hi all,
   Ok, I've been Googling this up and found no answer. My statements in this
email may also be wrong, so double check.

On WIndows boxes in a domain, the last 10 passwords are saved (by default)
as a hash on the local box in case communications to the domain go down. The
user name is used as a salt in these hashes.

Windows before Visa: uses MSCacheV1 (AKA Domain Cached Credentials)
Windows Vista/7/2008: use MSCacheV2

Cain can now dump and crack both, but at 70 attempts per sec with Cain on a
newer i7, it's kind of pointless. Hashcat/cudaHashCat seems to be able to
crack MSCacheV1 much faster than Cain, but only seems to support MSCacheV1
as far as I can tell. Anyone know what the real differences in algorithm are
between the two MSCache versions?

As a side note: What do you use for dumping these hashes? I've been using
Cain, but would love to hear if there is something better.

Thanks,
Adrian

-- 
"The ability to quote is a serviceable substitute for wit." ~ W. Somerset
Maugham

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: