On Sat, 9 Dec 1995 03:15:51 -0500 (EST) you wrote:
I don't quite agree with the last part. It might be educational to do a spot of cryptanalysis in an attempt to determine the nature of the proprietary algorithm used. It wouldn't be "cracking" the password protection, but I think the general effort to "out" proprietary crypto algorithms is productive, particularly in the case of major software packages.
Anyone feel like putting together some sample plaintext/ciphertext pairs ?
Well, the problem with coming up with plaintext/ciphertext is that I've never been able to find out exactly where the the SAM database is physically stored. Using Registry Editor, it's visible but not accessible as part of the Registry. Microsoft's APIs won't give you access to the stored ciphertext, so some serious hacking is required here, I'm just not sure where to begin. I think a hacked version of the Registry APIs that allow you to read the ciphertext would be a good place to start, but again, I'm not sure where to begin writing such a thing. The second problem is that we're not sure exactly what gets hashed and in what order. Is it username0x00password0x00domainname0x00SID or something similar? Tough to tell and MSoft wants to rely on the "tamper-proofness" of NT rather than on algorithmic security. If anyone has more information on these issues, I'd love to know what's really going on there. Dan *************************************************************** #define private public dan@milliways.org Worcester Polytechnic Institute and The Restaurant at the End of the Universe ***************************************************************