Re: NT SysKey should be breakable

Mikael Olsson (mikael.olssonENTERNET.SE)
Sun, 10 Oct 1999 15:00:31 +0200

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Seth R Arnold: "Re: Console permissions in RH 6.X (was: Re: Window manager - impementation...)"
• Previous message: Todd Sabin: "Re: NT SysKey should be breakable"
• In reply to: Mikael Olsson: "NT SysKey should be breakable"

Todd Sabin wrote:
>
> I think the things most worth looking at are what can you do if you
> e.g., steal a machine or backup tape, but don't get the SYSKEY. These
> are the types of attacks it's meant to protect against.
>

Point taken.

I was thinking along the lines "what if you can't upload pwdump
to the host?", but then you can't upload code to get to the
syskey either... Wonder where I'd left my brain.

Anyhow, speaking of getting hold of an encrypted SAM file, either
through being able to download it or getting hold of a backup
or an rdisk...

Even if syskey only encrypts the password hashes, I'm willing to bet
that there's going to be at least ONE password that's less than 8
chars, and we know what happens to the last half of the password
hashes when the password is less than 8 chars, don't we?
*wink* *wink*
- Can we say "known plaintext"? :-)

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olssonenternet.se

• Next message: Seth R Arnold: "Re: Console permissions in RH 6.X (was: Re: Window manager - impementation...)"
• Previous message: Todd Sabin: "Re: NT SysKey should be breakable"
• In reply to: Mikael Olsson: "NT SysKey should be breakable"

This archive was generated by hypermail 2.0b3 on Mon Oct 11 1999 - 19:46:42 CDT