RE: Where are Windows "Enforce password history" passwords stored?

From: Wil.Allsopp@ins.com
Date: Tue Aug 30 2005 - 16:59:03 EDT

• Next message: Adam Chesnutt: "Re: Business justification for pentesting"
• Previous message: nightstorm@hushmail.com: "P2P Tools and Shared Directory Tools"
• Maybe in reply to: Charles Gillman: "Where are Windows "Enforce password history" passwords stored?"
• Next in thread: Steve A: "RE: Where are Windows "Enforce password history" passwords stored?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

James Leighe [jamesleighe@gmail.com] wrote:

>It's stored as a hash, so if you find out how to access them, you
>would have to crack it. So basically, it's not worth the time when an
>attacker could just go for the current password.

This shows a fundamental misunderstanding of security as well as the way
hackers think. There are many advantages for an attacker to have your
previous passwords - passwords are reused and some may be current on
peripheral or entirely separate systems.

Wil

• Next message: Adam Chesnutt: "Re: Business justification for pentesting"
• Previous message: nightstorm@hushmail.com: "P2P Tools and Shared Directory Tools"
• Maybe in reply to: Charles Gillman: "Where are Windows "Enforce password history" passwords stored?"
• Next in thread: Steve A: "RE: Where are Windows "Enforce password history" passwords stored?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:48 EDT