|
The Security Account Manager (SAM) is a database file , Windows Vista and Windows 7 that stores users' passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, is used to auth{enticate remote users. SAM uses cryptographic measures to prevent forbidden users to gain access to the system. The user passwords are stored in a hashed format in a registry hive either as a or as a hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM.In an attempt to improve the security of the SAM database against offline software cracking, Microsoft introduced the SYSKEY function in Windows NT 4.0. When SYSKEY is enabled, the on-disk copy of the SAM file is partially encrypted, so that the password hash values for all local accounts stored in the SAM are encrypted with a key (usually also referred to as the "SYSKEY"). It can be enabled by running the syskey program.==Cryptanalysis== Since a hash function is one-way, this provides some measure of security for the storage of the passwords. In the case of online attacks, it is not possible to simply copy the SAM file to another location. The SAM file cannot be moved or copied while Windows is running, since the Windows kernel obtains and keeps an exclusive filesystem lock on the SAM file, and will not release that lock until the operating system has shut down or a "Blue Screen of Death" exception has been thrown. However, the in-memory copy of the contents of the SAM can be dumped using various techniques (including pwdump), making the password hashes available for offline brute-force attack. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Security Account Manager」の詳細全文を読む スポンサード リンク
|