Re: Effect of "reversible encryption..." on Windows XP.

From: Datta (dattatrayamk_at_hotmail.com)
Date: 03/07/05


Date: Mon, 07 Mar 2005 18:21:00 +0530

Hi,

That is true. The passwords themselves are not stored; rather, hashes are
stored. But the hash in the registry remains the same before and after
changing this setting. This makes me wonder, what is the policy setting
changing?

Any idea?

Thanks in advance,
Datta.

Steven Umbach wrote:
> It should only be used if needed to accommodate authentication methods that
> require it. Some remote access authentication methods such as CHAP require it.
> It weakens security quite a bit and would make it fairly easy for someone who
> has physical access to your computer to obtain your passwords. Normally
> passwords themselves are not stored - just a hash of the password is. The link
> below explains more. ---- Steve
>
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/505.mspx
>
> "Datta" <Datta@discussions.microsoft.com> wrote in message
> news:B1C8EE48-9ADC-4956-A3B1-1480329DF352@microsoft.com...
>
>>Hello,
>>
>>I was wondering what effect the policy setting "Store password using
>>reversible encryption for all users in the domain" has on Windows XP since it
>>does not support Active Directory and hence cannot contain any domain users.
>>I enabled it on my XP box using gpedit.msc and verified using rsop.msc that
>>in the effective settings it is enabled. However, I found that the password
>>hash present in registry is same irrespective of this setting. I also tried
>>creating new users after enabling/disabling the policy to check if the effect
>>is only on new users. I found that it has no effect whatsoever on the way
>>passwords are stored internally in registry.
>>
>>Would someone help me understand what this setting is meant for on Windows
>>XP?
>>
>>Kindly let me know if I am misinterpreting something.
>>
>>Thanks in advance.
>>
>>Regards,
>>Datta.
>
>
>
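Why an authentication method such as CHAP, mentioned in the quoted reply, needs the password to be recoverable on the authenticating side, shown as an added example that is not part of the original thread: per RFC 1994 the CHAP response is MD5(Identifier || secret || Challenge), so the verifier has to recompute it from the secret itself. The sample password, the function names and the use of SHA-256 as a stand-in for the one-way hash Windows normally stores are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(stored_secret: bytes, identifier: int,
                  challenge: bytes, response: bytes) -> bool:
    """Recompute the response from whatever the server has stored and compare."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> tuple:
    password = b"Constructed-Passw0rd"         # constructed sample value
    identifier, challenge = 1, os.urandom(16)  # chosen and sent by the server

    # The client knows the password and answers the challenge with it.
    response = chap_response(identifier, password, challenge)

    # Server A kept the password recoverable (policy enabled): it can verify.
    ok_reversible = server_verify(password, identifier, challenge, response)

    # Server B kept only a one-way hash (SHA-256 here, a stand-in for the
    # hash Windows normally stores). It cannot get the password back, and
    # the hash is not the secret the client used, so verification fails.
    one_way = hashlib.sha256(password).digest()
    ok_hash_only = server_verify(one_way, identifier, challenge, response)

    return ok_reversible, ok_hash_only


if __name__ == "__main__":
    print(demo())
```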


