lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <018501c67142$3d267ab0$2201a8c0@othello>
Date: Sat May  6 20:21:24 2006
From: niceman at att.net (Mike N)
Subject: Windows XP Home LSA secrets
	storesXPloginpassphrase in plain text

The administrator account in Windows does not automatically hold all EFS keys.  It fully depends on how EFS was configured for the machine.  A secondary EFS recovery account is *often* assigned to the domain administrator, or an administrator account, but it's quite possible to allow only the assigned account access to EFS files with no secondary EFS recovery account.  For that case adminstrator access is useless for accessing EFS files. 

  ----- Original Message ----- 
  From: John Doe 


  As what comes to EFS, once you get hold of the administrator 
  account, you can decrypt the EFS for _all_ users on the computer. It doesn't
  matter how you acquired the password.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060506/89d259fa/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ