
Windows Reversible Encryption Risks


  • Windows Reversible Encryption Risks

    Greetings all,

    Everyone in the IT world knows that the 'Store Password using Reversible Encryption' option should be turned off unless you really need it, otherwise the password is stored in what might as well be plain text.

    That's all fine, but does anyone know where those passwords are stored and how to get at them? And if so, which algorithm is used for the reversible encryption?

    I'm assuming they are in the SAM on standalones and in AD on domain machines, but I found nothing on Google to confirm/deny that. I'm wondering how an attacker would know you had that option enabled and what they might do to get to the hashes.

    Clearly I'm missing something; I'm trying to work out exactly how bad a security risk this is, because we kinda need it on... but I really don't like the idea!

    I nerd therefore I am!

  • #2
    Re: Windows Reversible Encryption Risks

    You are not the only one. Some time ago we had a similar thread and came up empty handed:
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      Re: Windows Reversible Encryption Risks

      Ah yes, very similar. Unfortunately I didn't search the AD forum originally - doh!

      Well, the only info I've found on this is when it's related to SPAP, the Shiva authentication protocol (RAS boxes).

      Apparently SPAP transmits the reversibly encrypted password, and is therefore vulnerable to replay attacks. Technet

      So it seems that the weakness is only related to those accounts that actually use something like SPAP to authenticate (or MACs), and can therefore be captured.

      I'll have a read of my hacking book and try and learn to do a replay attack on my box... wish me luck
      I nerd therefore I am!
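
For gauging exposure, as the thread asks, here is an added example (not from any poster) that scans a directory export for the three places the option can be switched on: the domain policy's `pwdProperties` bit, a fine-grained password policy, and the per-account `userAccountControl` flag. The LDIF sample, domain and account names are constructed, and the parser assumes simple unfolded LDIF with no base64 values.

```python
UF_ACCOUNTDISABLE = 0x0002
UF_ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080  # per-account reversible encryption flag
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x10  # domain-wide bit in pwdProperties

# Constructed sample export; every name and value below is made up.
SAMPLE_LDIF = """\
dn: DC=example,DC=test
pwdProperties: 17

dn: CN=ras-svc,CN=Users,DC=example,DC=test
sAMAccountName: ras-svc
userAccountControl: 640

dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=old-vpn,CN=Users,DC=example,DC=test
sAMAccountName: old-vpn
userAccountControl: 642

dn: CN=LegacyPSO,CN=Password Settings Container,CN=System,DC=example,DC=test
msDS-PasswordReversibleEncryptionEnabled: TRUE
"""

def parse_ldif(text):
    """Split a simple, unfolded LDIF export into {attribute: value} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        entries.append({k: v for k, sep, v in pairs if sep})
    return entries

def audit(entries):
    """Return (kind, subject, detail) for each place the option is enabled."""
    findings = []
    for e in entries:
        dn = e.get("dn", "?")
        if int(e.get("pwdProperties", 0)) & DOMAIN_PASSWORD_STORE_CLEARTEXT:
            findings.append(("domain-policy", dn, "enabled for all accounts"))
        if e.get("msDS-PasswordReversibleEncryptionEnabled", "").upper() == "TRUE":
            findings.append(("fine-grained-policy", dn, "enabled for PSO subjects"))
        uac = int(e.get("userAccountControl", 0))
        if uac & UF_ENCRYPTED_TEXT_PWD_ALLOWED:
            state = "disabled" if uac & UF_ACCOUNTDISABLE else "active"
            findings.append(("account", e.get("sAMAccountName", dn), state))
    return findings

if __name__ == "__main__":
    print(*audit(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

Accounts reported as `active` are the ones to review first, since a disabled account with the flag cannot authenticate until it is re-enabled.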