Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Eric (ewstellurian.net)
Date: Tue Feb 19 2002 - 12:19:36 CST
It is not a 'cachedpassword' as the reg key name implies. It is an OWF
hash verifier of the password hash - it is not possible to reverse this
value to obtain either the LM or NTLM hashes, nor the clear-text password.
At 06:17 PM 2/18/2002 +0100, Varga Daniel (QI/RZS4) * wrote:
>do you know, whether it is possible for an attacker to crack the cached
>credentials of a domain user on an offline notebook?
>I tried lsadump2 (http://razor.bindview.com/tools/desc/lsadump2_readme.html)
>but cannot judge whether this information is any useful for an attacker to
>get the cached password of a domain user. Does anyone of you?
>We plan to roll out EFS to secure our notebooks in case they get lost but as
>I see the security of EFS stands and falls with the security of the password
>of the user.