Re: Disabling LM Hash creation
From: rusga (reply2newsgroup_at_nntp)
Date: 10/03/04
- Next message: rusga: "Re: Disabling LM Hash creation"
- Previous message: rusga: "Re: Trusted Site in Internet Options"
- Next in thread: rusga: "Re: Disabling LM Hash creation"
- Maybe reply: rusga: "Re: Disabling LM Hash creation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 03 Oct 2004 10:13:56 +0100
Can anyone test this?
Regards,
rusga
On Thu, 30 Sep 2004 09:05:01 -0700, <Karl Levinson [x y]> wrote:
>
>
> "rusga" wrote:
>
>> .... the setting was now active, but according to LC4, what happened
>> was:
>>
>> a) The LM and NTLM passwords changed to an *empty* state for all users
>> affected.
>> b) The LM and NTLM hashes *were created anyway*.
>> c) The LM and NTLM hashes were *the same for all users* affected (same
>> empty seed).
>>
>> Now, these few questions arise:
>>
>> a) Isn't this a worse security scenario?
>
> No, not if you can't use those hashes to log in. If there was a way to use
> those hashes [like if an attacker was somehow able to change that registry
> value back and reboot the machine, and if this allowed you to log in using
> blank passwords], then I suppose that could be a problem. But it remains to
> be seen whether that scenario is even possible, and even if it was, you would
> probably need to somehow gain administrator privileges to change that
> registry value, at which point you already own the machine anyways without
> needing to reboot.
>
>> b) Shouldn't the key be renamed to "Blank_LM/NTLM_Passwords" (or the
>> like)?
>
> If you did, you'd cause backwards compatibility issues and have problems
> with consistency when templates for one OS are accidentally applied to other
> OSes. Unfortunately there are a lot of registry values with cryptic or
> misleading names. Keeping registry value names short might help keep the
> registry smaller, which might help enhance performance. The NoLMHash name
> might still be accurate if this value makes it so that no valid LM hashes can
> be used or cracked.
>
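
One way to test the observation discussed in this thread, added here as an example and not part of either poster's message: the LM and NT hashes of an empty password are fixed, well-known values, so each line of a pwdump-format dump can be checked for whether only the LM field is empty or the NT hash is empty too. The sample lines, account names and non-empty hash values are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Well-known constants: LM and NT hashes of the empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump format (user:rid:lm:nt:::); not real accounts.
# Non-empty hash values are arbitrary hex placeholders.
SAMPLE = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
carol:1003:00112233445566778899aabbccddeeff:fedcba9876543210fedcba9876543210:::
dave:1004:NO PASSWORD*********************:ffeeddccbbaa99887766554433221100:::
"""

def lm_absent(lm):
    """True when the LM field carries no usable hash (empty-string LM hash,
    a blank field, or the pwdump 'NO PASSWORD' filler)."""
    lm = lm.strip().lower()
    return lm in ("", EMPTY_LM) or lm.startswith("no password")

def classify(line):
    """Return (user, verdict) for one pwdump-format line."""
    user, _rid, lm, nt = line.strip().split(":")[:4]
    if nt.strip().lower() == EMPTY_NT:
        # NT hash of "" means the account password itself is blank.
        return user, "blank-password"
    if lm_absent(lm):
        # No LM hash stored, but a real NT hash exists: password is intact.
        return user, "lm-not-stored"
    return user, "lm-stored"

def audit(dump):
    """Classify every non-empty line and count verdicts."""
    results = dict(classify(l) for l in dump.splitlines() if l.strip())
    return results, Counter(results.values())

if __name__ == "__main__":
    results, totals = audit(SAMPLE)
    for user, verdict in results.items():
        print(f"{user:8} {verdict}")
    print(dict(totals))
```

Identical LM values across many accounts are expected when the value is the empty-string constant; the case worth investigating is an NT field that also matches its empty-string constant.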