RE: focus-ms@securityfocus.com

From: Fred Langston (Fred.Langston_at_guardent.com)
Date: 09/05/03

  • Next message: Jake Frost: "MS03-008 and SP4"
    To: 'Zachary Mutrux' <zmutrux@compumentor.org>, focus-ms@securityfocus.com
    Date: Fri, 5 Sep 2003 16:11:27 -0400 
    
    

    These are encrypted using a one-way hash; hence, the encryption is
    irreversible by definition.

    Fred Langston, CISSP
      Senior Principal Consultant
      W: 206.903.8147 x223 F: 206.903.1862 M: 425.765.3330
      Seattle, WA www.Guardent.com
    ________________________________________
    G U A R D E N T
      Enterprise Security and Privacy Programs

    -----Original Message-----
    From: Zachary Mutrux [mailto:zmutrux@compumentor.org]
    Sent: Friday, September 05, 2003 10:31 AM
    To: focus-ms@securityfocus.com
    Subject: RE: focus-ms@securityfocus.com

    Thank you, Brian.

    > "irreversibly"?

    So the credentials are encrypted and stored in the registry after you
    successfully authenticate to a domain controller. Then when a domain
    controller is not available, you submit your credentials again, they are
    encrypted again, and they are compared with the encrypted copy that is
    cached. If they match, you get in.

    It does seem to me that anything that can be encrypted can be decrypted.
    Especially if the same method results in two encrypted copies that can be
    compared. Does anyone disagree?

    Zac

    > -----Original Message-----
    > From: Perry, Brian [mailto:Brian.Perry@phns.com]
    > Sent: Thursday, September 04, 2003 7:32 AM
    > To: Paulo Wilbert; Kim Oppalfens; simonis@myself.com; fala83@libero.it
    > Cc: focus-ms@securityfocus.com; todd@toddschubert.com
    > Subject: RE: focus-ms@securityfocus.com
    >
    >
    > If I may....Quoting MS Security Resource Kit... pg.79
    >
    > Cached Credentials
    > "By default, Windows NT, Windows 2000, and Windows XP cache the
    > credentials of domain accounts used to log on to the network at the
    > local computer. The credentials include the users name, password, and
    > domain. Rather than storing the actual credential information, the
    > information is stored in an irreversibly encrypted form and on the
    > local computer."
    >
    > "irreversibly"?
    >
    > bp

    ---------------------------------------------------------------------------
    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security
    Policy Automation for Web Applications.
    http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
    http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
    ---------------------------------------------------------------------------


  • Next message: Jake Frost: "MS03-008 and SP4"