Windows passwords - salts?

From: "James" <chartster@xxxxxxxxxxx>
Date: Tue, 22 Jan 2008 14:24:23 +1100

Hi all,

Just a quick question, another admin at my work struck up a conversation
about password strength in Windows, stating that salts were not used. This
came as a bit of a surprise, as I had never looked into the technicalities
of the windows password scheme.

Can somebody elaborate on whether this is true, and why salts are not used?
Any specific tech references would be nice for the train trip home.

Cheers,

James

.

Follow-Ups:
- Re: Windows passwords - salts?
  - From: Meinolf Weber

Prev by Date: Reset Password
Next by Date: Re: Which EFS certificate used?
Previous by thread: Reset Password
Next by thread: Re: Windows passwords - salts?
Index(es):
- Date
- Thread

Relevant Pages

Re: Windows passwords - salts?
... What I mean by salt is that, for example, UNIX appends a 12bit string to a password when hashing it to make cracking more difficult. ... To explain what I'm thinking (and if its the same as a seed in Windows) ... Anthony, http://www.airdesk.co.uk ... What do you mean with salts? ...
(microsoft.public.windows.server.security)
Re: Windows passwords - salts?
... What I mean by salt is that, for example, UNIX appends a 12bit string to a password when hashing it to make cracking more difficult. ... To explain what I'm thinking (and if its the same as a seed in Windows) ... Anthony, http://www.airdesk.co.uk ... What do you mean with salts? ...
(microsoft.public.windows.server.security)
Re: Windows passwords - salts?
... To explain what I'm thinking (and if its the same as a seed in Windows) ... What do you mean with salts? ... The lack of salting is a relic of a much earlier time when it was not ... targeted attack on one user account and password. ...
(microsoft.public.windows.server.security)