Re: Cached Domain Password on Notebook, secure?
From: Eric (ews@tellurian.net)Date: 02/19/02
- Previous message: Varga Daniel (QI/RZS4) *: "Cached Domain Password on Notebook, secure?"
- Maybe in reply to: Varga Daniel (QI/RZS4) *: "Cached Domain Password on Notebook, secure?"
- Next in thread: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Feb 2002 10:19:36 -0800 To: "Varga Daniel (QI/RZS4) *" <Daniel.Varga@de.bosch.com>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com> From: Eric <ews@tellurian.net>
It is not a 'cachedpassword' as the reg key name implies. It is an OWF
hash verifier of the password hash - it is not possible to reverse this
value to obtain either the LM or NTLM hashes, nor the clear-text password.
At 06:17 PM 2/18/2002 +0100, Varga Daniel (QI/RZS4) * wrote:
>Hi all,
>
>do you know, whether it is possible for an attacker to crack the cached
>credentials of a domain user on an offline notebook?
>
>I tried lsadump2 (http://razor.bindview.com/tools/desc/lsadump2_readme.html)
>but cannot judge whether this information is any useful for an attacker to
>get the cached password of a domain user. Does anyone of you?
>
>We plan to roll out EFS to secure our notebooks in case they get lost but as
>I see the security of EFS stands and falls with the security of the password
>of the user.
>
>Thanks,
>--
>Daniel
- Previous message: Varga Daniel (QI/RZS4) *: "Cached Domain Password on Notebook, secure?"
- Maybe in reply to: Varga Daniel (QI/RZS4) *: "Cached Domain Password on Notebook, secure?"
- Next in thread: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
