Vulnerability Development mailing list archives
Re: NT stores passwords in plaintext. (sp00ky)
From: Dan Kaminsky <dankamin () CISCO COM>
Date: Wed, 21 Mar 2001 12:17:32 -0800
So this is where I'm supposed to wearily get back on my soapbox and proclaim to the world, yet again, "People, it really is pretty irrelevant if a password is stored in plaintext, because it's effectively trivially crackable by definition of the decryption key / algorithm being necessarily on the same machine." Then I'd post a link to http://www.doxpara.com/read.php/security/password_rejected.html .

But Strezz opens up an interesting caveat I hadn't really thought of: when the password would otherwise be masked by a large amount of random data (as opposed to being the only high-entropy data in an otherwise low-entropy structure, i.e. the registry), having it *not* possess similar entropy identifies and emphasizes the exact location of the memory dump that contains the eventually readable password.

So, in other words, password=a13OOpio12 is effectively useless encryption--but given:

skjf13113KJJiiOpqra13OOpio12poqo212nbBB

from a *memory dump* (i.e. not the original mode the data was supposed to be read from), the surrounding noise does indeed provide a masking threshold the encrypted password can hide amongst.

Now, the problem of course is that as random as memory dumps might look, there's actually a decent amount of structure to them, and automated dump analysis tools exist to take a standard dump file and parse out what was allocated to what (and thus isolate the encoded password). So this entire line of thought is somewhat academic, when you get down to it.

Yours Truly,

Dan Kaminsky, CISSP
http://www.doxpara.com
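The entropy argument in the message above, as an added example that is not part of the original thread: a sliding-window Shannon entropy scan over two constructed memory images, one registry-like (UTF-16LE key names padded with nulls) and one made of seeded pseudo-random noise, each with the message's example password written in as plain 8-bit text. The window size (10, the password's length), the 2.5 bits/byte threshold, the registry path and the seed are all assumptions chosen for the demo; UTF-16LE ASCII text never exceeds about 2.16 bits/byte in a 10-byte window, so the password stands out in the first image and is lost among flagged windows in the second.

```python
import math
import random

# Constructed sample data (not from the original message): the message's example
# password, embedded either in registry-like UTF-16LE text or in pseudo-random noise.
PASSWORD = b"a13OOpio12"
REGISTRY_TEXT = "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")


def build_dump(background: bytes, secret: bytes, offset: int) -> bytes:
    """Overwrite `secret` into `background` at `offset` (constructed memory image)."""
    assert 0 <= offset and offset + len(secret) <= len(background)
    return background[:offset] + secret + background[offset + len(secret):]


REGISTRY_BG = b"\x00" * 16 + REGISTRY_TEXT + b"\x00" * 16 + REGISTRY_TEXT + b"\x00" * 16
_rng = random.Random(2001)  # fixed seed keeps the noise image deterministic
NOISE_BG = bytes(_rng.getrandbits(8) for _ in range(len(REGISTRY_BG)))
PW_OFFSET = 16 + len(REGISTRY_TEXT) + 3  # inside the null gap between two key names
REGISTRY_DUMP = build_dump(REGISTRY_BG, PASSWORD, PW_OFFSET)
NOISE_DUMP = build_dump(NOISE_BG, PASSWORD, PW_OFFSET)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def high_entropy_windows(buf: bytes, window: int = 10, threshold: float = 2.5):
    """Slide a window over buf; return (offset, entropy) for windows above threshold."""
    hits = []
    for off in range(len(buf) - window + 1):
        e = shannon_entropy(buf[off:off + window])
        if e > threshold:
            hits.append((off, e))
    return hits


def fraction_flagged(buf: bytes, window: int = 10, threshold: float = 2.5) -> float:
    """Share of windows flagged; near 1.0 means entropy alone cannot localize a secret."""
    return len(high_entropy_windows(buf, window, threshold)) / (len(buf) - window + 1)


if __name__ == "__main__":
    for name, dump in (("registry-like", REGISTRY_DUMP), ("noise", NOISE_DUMP)):
        hits = high_entropy_windows(dump)
        print(f"{name}: {len(hits)} flagged windows, password at offset {PW_OFFSET}, "
              f"first hit at {hits[0][0] if hits else None}")
```

In the registry-like image every flagged window overlaps the password; in the noise image nearly every window is flagged, which is the masking effect the message describes before it notes that real dumps are not actually that random.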