Fundamentals of Windows
- Adding a New User
- Setting Windows Security
- Creating and Viewing Logs
- Viewing Systems Information
- Disk Management and Services
- Setting Network Properties
- Passwords
- Password hashes are kept in a security database (SAM - security account manager) in \Windows-directory\system32\config\SAM; file is locked when NT is running
- Copy of password file is copied into the Windows-directory\repair folder
- NT uses two hash algorithms to encrypt passwords
- NT hash - password converted to Unicode and then run through MD4 hash algorithm to obtain a 16-byte value
- LAN Manager hash - password padded with 0's up to length of 14 characters, converted to uppercase, split into two 7-character pieces. Each half is encrypted using 8-byte DES (data encryption standard) keys. Result is combined into a 16-byte, one-way hash value.
- Passwords are not randomized with a salt value (hence you only have to crack the same password for two users once)
Please mail any comments about this page to summers_wayne@ColumbusState.edu