Vulnerability Development mailing list archives
Re: NT SysKey should be breakable
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sun, 10 Oct 1999 15:00:31 +0200
Todd Sabin wrote:
I think the things most worth looking at are what can you do if you e.g., steal a machine or backup tape, but don't get the SYSKEY. These are the types of attacks it's meant to protect against.
Point taken. I was thinking along the lines "what if you can't upload pwdump to the host?", but then you can't upload code to get to the syskey either... Wonder where I'd left my brain.

Anyhow, speaking of getting hold of an encrypted SAM file, either through being able to download it or getting hold of a backup or an rdisk... Even if syskey only encrypts the password hashes, I'm willing to bet that there's going to be at least ONE password that's less than 8 chars, and we know what happens to the last half of the password hashes when the password is less than 8 chars, don't we? *wink* *wink* - Can we say "known plaintext"? :-)

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se