"Cached credentials"
Cached credentials for an AD domain are actually salted double hashes of the password and are stored in the HKLM\Security hive. The file location of the hive is:
%systemroot%\System32\config\SECURITY
Only the "system" user has access to the registry keys:
HKLM\Security\Cache\NL$n where n is an index from 1 to the maximum number of cached credentials.
Susceptibility to Attacks
WinNT to WinXP used "Lan Manager" hashes for local accounts, which are easily broken on modern hardware. Cracking usually takes several minutes (I recently did 3 passwords in 00:08:06) with just a "normal" desktop computer. Lan Manager hashes are not salted, so there are publicly available rainbow tables too.
Vista and later use NT hashes for local accounts. Windows 2000 and later use NT hashes for domain accounts as well. NT hashes are salted double-MD4 hashes. The per-entry salt prevents the use of rainbow tables, but MD4 can be executed very fast on modern hardware: about 6 compute-years for a 60-bit password. With luck and a 6 GPU cluster a cracker can break this sort of password in 6 months. Taking that to the cloud, about $35k on Amazon EC2 GPU - depending on availability, it could be hours.
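The arithmetic behind the figures above, worked through as an added example (not part of the original post). It assumes a "compute-year" means one GPU running for a year, derives the guess rate implied by "6 compute-years for a 60-bit password", and finds the shortest uniformly random password that resists a 6-GPU cluster for a chosen time. The function names and the 100-year target are illustrative.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figure quoted in the text: about 6 compute-years to exhaust a 60-bit keyspace.
# The per-unit guess rate is derived from that figure, not measured.
IMPLIED_RATE = 2**60 / (6 * SECONDS_PER_YEAR)  # guesses per second per unit


def entropy_bits(charset_size, length):
    """Bits of entropy in a uniformly random password."""
    return length * math.log2(charset_size)


def years_to_crack(bits, units=1, rate=IMPLIED_RATE, average=True):
    """Years to search 2**bits candidates; the average case covers half."""
    guesses = 2**bits / (2 if average else 1)
    return guesses / (rate * units) / SECONDS_PER_YEAR


def min_length(charset_size, target_years, units=6, rate=IMPLIED_RATE):
    """Shortest random password whose average-case search takes
    at least target_years on `units` compute units."""
    length = 1
    while years_to_crack(entropy_bits(charset_size, length),
                         units, rate) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    print(f"implied rate: {IMPLIED_RATE:.2e} guesses/s per unit")
    print(f"60 bits, 6 units, average case: "
          f"{years_to_crack(60, units=6):.2f} years")
    # Constructed policy examples: charset size -> minimum random length
    for name, size in [("lowercase", 26), ("alphanumeric", 62),
                       ("printable ASCII", 95)]:
        n = min_length(size, target_years=100)
        print(f"{name:16s} needs {n} chars "
              f"({entropy_bits(size, n):.1f} bits) for 100 years")
```

The estimate only holds for randomly generated passwords; human-chosen ones fall to dictionary and rule-based guessing long before the full keyspace is searched.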