Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker...)

At 11:39 AM 12/11/95 +0000, you wrote:
Futplex wrote:
someone quoted: Microsoft Knowledge Base article Q102716 says:
Storage of the Passwords in the SAM Database [...] The second encryption is decryptable by anyone who has access to the double-encrypted password, the user's RID, and the algorithm. The second encryption is used for obfuscation purposes.
Anyone feel like putting together some sample plaintext/ciphertext pairs?
This will be really difficult, and in practice rather pointless. NT does not allow any user, privileged or not, to gain access to any form (encrypted or not) of the passwords. They are stored in a protected area of the system registry that only the OS itself can access. The best that you can do is to ask the OS whether a given username/password pair is valid or not, and it took until version 3.51 before MS let you do even that!
I took a quick look in my NT registry and you can get access to the Account Manager section of the registry by manually changing the permissions and giving yourself access. I didn't have the time to look at all of the entries in the registry, but there's a lot of stuff there and I wouldn't be surprised if the encrypted passwords were available. Of course, you have to be an administrator to change the permissions, but it is possible.
Ted Cabeen cabeen@netcom.com Finger for PGP Public Key secabeen@midway.uchicago.edu "I have taken all knowledge to be my province." cococabeen@aol.com

Ted Cabeen wrote:
I took a quick look in my NT registry and you can get access to the Account Manager section of the registry by manually changing the permissions and giving yourself access. I didn't have the time to look at all of the entries in the registry, but there's a lot of stuff there and I wouldn't be surprised if the encrypted passwords were available. Of course, you have to be an administrator to change the permissions, but it is possible.
The encrypted passwords are in the "SECURITY" section, which the OS will not let you change the permissions to. Most user account information is available under NT via the NetUser... API functions; the passwords are not. You probably came across the settings for the Security Account Manager, not the data that it looks after.
Regards,
- Andy
participants (2): Andy Brown, Ted Cabeen