RE: Cached Domain Password on Notebook, secure?

From: Alan Ramsbottom (alancr@ntlworld.com)
Date: 02/20/02


From: "Alan Ramsbottom" <alancr@ntlworld.com>
To: "Varga Daniel (QI/RZS4) *" <Daniel.Varga@de.bosch.com>, "'Laura A. Robinson'" <larobins@bellatlantic.net>, <focus-ms@securityfocus.com>
Date: Wed, 20 Feb 2002 18:03:56 -0000


> From: Varga Daniel (QI/RZS4) * [mailto:Daniel.Varga@de.bosch.com]

> An MS-Engineer assured me that it would be incredibly hard for an
> attacker to get these keys

Hmm.. it depends on a lot of things, not least what you're running. It's way
overdue, but there's now a useful overview of the DPAPI used for storing
private key blobs on WinXP here (URL will wrap):

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp

A lot of that still applies to Win2K, but if you have that OS then please
don't overlook this part:

 "One feature we do not discuss is that DPAPI can be configured to operate
with a Windows 2000 server in a legacy mode. In this mode, it is possible to
backup the MasterKeys under a local LSA secret. The MasterKeys, along with
the LSA, and any protected data can then be stolen by an adversary and
decrypted at will. For this to occur, however, an Administrator must modify
the registry to configure DPAPI for this legacy mode."

Perhaps someone knows different, but I've long assumed these backup
MasterKeys (used to automagically recover from certain password reset
events) are why that old chntpw/EFS attack worked.

-Alan-
