![]() Even if it's using a unique file name, it's a predictable file name in a predictable location. For most PCs, that means a new shadow copy every month.Ī shadow copy isn't always that hidden. Your PC creates a shadow copy every time it installs a system update or upgrade. But Lykkegaard found that he, even as an unprivileged user, could access the backed-up version of the SAM file in the "shadow copy" that most Windows systems create.Ī shadow copy is a backup, hidden on the main drive, of a Windows system's most important files. It's not easy for any user to access the SAM file while a computer is running. So it's not good when any piece of software or any user on a Windows system can suddenly see the NTLM hashes of all the other users' passwords. The problem is that the NTLM algorithm is pretty weak, and hashes can often be "cracked," or reversed to give the original password.Įven worse, some Windows-related functions, such as accessing a networked server, let you log in using the NTLM hash rather than the password itself. As an example, the hash of "password", using Microsoft's own NTLM algorithm, is "8846F7EAEE8FB117AD06BDD830B7586C". "Hashing" passwords means running them through a one-way encryption algorithm that cannot (in theory) be reversed. The SAM file in the Windows Registry contains "hashed" versions of all the user passwords on a given Windows system, including the passwords of administrative users. ![]() See more So what's up with this Windows flaw?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |