Re: Password management


The descriptions of invertible passwords do suggest that there is a potential security
hole, but that is not my problem to deal with; I have to understand how to get the
password back if there is a decision to enable invertible passwords.
joe

On Thu, 28 May 2009 14:21:12 -0700, "Tom Serface" <tom@xxxxxxxxxxxxx> wrote:

OK, that makes more sense. At least an encrypted password could be
decrypted, but there would have to be some really secret way to do it and
some would still see this as a security hole.

Tom

"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message
news:0k1r15d26orehqb87josqhc5d2npb712pn@xxxxxxxxxx
There should be no confusion. There are three approaches to storing a password:
    plaintext
    hashed
    encrypted

Obviously, nobody does plaintext any longer. Windows by default does hashed, that is, a
non-invertible algorithm such that you cannot derive the original input from the hash, and
encrypted, which is reversible.

The password is encrypted by Windows, not by the client. So the method of decrypting is
not specified. We can assume for purposes of this discussion that the password is
reversible, since that is part of the problem specification. If the password were hashed,
the whole issue would be irrelevant and not be discussed.

It is not a choice of "pick one", it is a choice of "pick the one that inverts the
encryption applied by Windows when it created the reversible encryption", and that is what
I cannot discover. Alternatively, it could be "this is how you specify the parameters for
the encryption" at which point the decryption becomes obvious. If I encrypt with RSA256,
and have access to the private key, I know how to decrypt. What is unspecified is how
Windows encrypts, or how Windows allows me to specify the parameters of the encryption
algorithm.
joe
Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
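
Added example, not part of the original thread and not code from either poster: a defender-side check for the "invertible passwords" setting discussed above, which finds the accounts that have reversible password storage enabled. It assumes an Active Directory LDIF export containing the `sAMAccountName` and `userAccountControl` attributes; the sample entries and the function names are constructed for illustration.

```python
# Added example: flag accounts whose userAccountControl permits reversible
# password storage. SAMPLE_LDIF is constructed data, not a real export.
import re

UF_ACCOUNTDISABLE = 0x0002
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080  # "Store password using reversible encryption"

SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=Legacy Service,OU=Service,DC=example,DC=test
sAMAccountName: svc-legacy
userAccountControl: 66176

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
sAMAccountName: bob
userAccountControl: 642

dn: CN=Broken Entry,OU=Staff,DC=example,DC=test
sAMAccountName: broken
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry (last value wins; base64 '::' values stay undecoded)."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry[name.strip().lower()] = value.lstrip(":").strip()
        if entry:
            yield entry

def reversible_accounts(text):
    """Return ([(account, enabled)], [accounts whose flags could not be read])."""
    flagged, errors = [], []
    for e in parse_ldif(text):
        name = e.get("samaccountname", e.get("dn", "?"))
        uac = e.get("useraccountcontrol", "")
        if not uac.isdigit():
            errors.append(name)  # missing or malformed value: report, do not guess
        elif int(uac) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED:
            flagged.append((name, not int(uac) & UF_ACCOUNTDISABLE))
    return flagged, errors
```

The per-account flag is only one place the setting lives: the domain password policy has its own "Store passwords using reversible encryption" option, which this check does not read.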