User accounts have gone missing!

[Parko]

Of course, you dumb ****, especially living in CA where most of us have
experienced them.
Oh and they've never destroyed any of my computers. BTW, the OP never
said his computer was destroyed, nor did he mention anything about a
brown out, did he.
Best you just STFU or else I'll keep on kicking your lamer's ass.

You moron, are you having reading comprehension problems? I offered a
solution, which would work and I offered an opinion as to why it
happened.
What a stupid POS you are.

I don't, you do and you are. My solution worked, according to the OP. But
you don't want to read that, do you, because that is confirmation of your
general incompetence. You said the computer operator was to blame, the OP
said otherwise. He's been bagging you and your useless advice too. End of
story.

 

[Parko]

Yeah and maybe you and him are both ****ing idiot losers.

And the rest of this NG. Oh, the denial. Oh, the denial> whoosh.

BTW I speak HRH the Queen of England's English, you daft pillock.

 

[Arno]

You speak for them?...Hahahah...I don't think so!
Idiot!

Oh, the denial. Oh, the denial> whoosh.

You're even dumber than I originally thought!...LOL!
Oops!

Maybe you think you do, but you can't even spell the words you use
correctly.
**** off ****wit!...LOL!

Well, your anti-Killfile strategy and your bad manners,
and arrogance show your true colors. Quite obviously nobody
wants to interact with you unless you pay them to. Please
go away now.

Arno

 

[Yousuf Khan]

Well, your anti-Killfile strategy and your bad manners,
and arrogance show your true colors. Quite obviously nobody
wants to interact with you unless you pay them to. Please
go away now.

Arno

This thread is already ready for the bit-bucket. I got the answer I
needed. The rest of this is just name-calling.

God, who'd have thought there was somebody who made Rod Speed look like
a gentleman?

Don't reply, the thread will have already have been ignored.

Yousuf Khan

 

[Sunny Bard]

These things make me nervous, since neither the NTFS file system nor the SAM
file format is documented. I wish they'd just read the file and tell me
what the password is instead of changing it.

That would require the password itself to be stored *in* the file, which
it isn't, and you probably don't want to spend hours/days l0phtcracking
it ...

Peter's boot CD/USB is fine, as a get out of jail free card.

 

[Bob I]

These things make me nervous, since neither the NTFS file system nor the SAM
file format is documented. I wish they'd just read the file and tell me
what the password is instead of changing it.

Some security that would be.

 

[Parko]

These things make me nervous, since neither the NTFS file system nor the
SAM file format is documented. I wish they'd just read the file and
tell me what the password is instead of changing it.

The password files are encrypted. It's called security.



--
Where's the cursor?
Where's the eraser?
Where's the cursor?
Where's the eraser?
G-O-H-O-H-O-9-O
G-O-H-O-H-O-9-O
G-O-H-O-H-O-9-O
H-O-9-O-G-O-H-O

 

[John Turco]

Well, your anti-Killfile strategy and your bad manners,
and arrogance show your true colors. Quite obviously nobody
wants to interact with you unless you pay them to. Please
go away now.

Arno

These silly trolls are carrying their petty feud, here, from
another cross-posted newsgroup (<

 

[Bob I]

No shit Sherlocks. And changing the password doesn't require cracking that
security?

The password and account ARE secure, you won't be accessing the
account's encrypted files with a changed or flattened password.

 

[Rod Speed]

Tom Del Rosso wrote

Parko wrote

No shit Sherlocks. And changing the password doesn't require cracking that security?

Nope, changing doesnt, telling you what the current password is does.

 

[Rod Speed]

Tom Del Rosso wrote

Bob I wrote

So it puts the new password somewhere else?

Nope, it puts it in the same place, but encryption is a completely different process to decryption.

In fact when checking whether the password has been entered correctly when say logging
on, the password entered is encrypted and the encrypted form is compared with the stored
encrypted form of the original password and if they match, the password is correct. Thats
nothing like decrypting the stored form of the original password.

In fact it isnt even possible to reverse some forms of encryption at all, they are one way encryptions.

Where?

Same place the original was stored.

 

[Bob I]

Thanks. That's it then. I'm aware that there are non-reversible
encryptions, but I didn't consider that possible, because years ago I used
another password cracker (fee-based, from a commercial operation) to recover
a password from a Win2k system. It required copying the sam file and
emailing it to them. I guess they did it by brute force, until they found a
password that created the same encrypted data. I had always assumed they
decrypted it.

FWIW, a similar "cracking" method is used against MS Office documents,
brute force gets you some character string that provides the same
"hashcode", it opens the file but most likely wasn't the password
actually used.

 

[Arno]

FWIW, a similar "cracking" method is used against MS Office documents,
brute force gets you some character string that provides the same
"hashcode", it opens the file but most likely wasn't the password
actually used.

This is possible, BTW, because the people designing this system
did not have a clue and selected a too short hashcode.

The whole thing is derived from Unix password handling (which is
secure and works), but got broken in the process. No surprise when
looking at who did this....

Arno

 

[David Brown]

Thanks. That's it then. I'm aware that there are non-reversible
encryptions, but I didn't consider that possible, because years ago I used
another password cracker (fee-based, from a commercial operation) to recover
a password from a Win2k system. It required copying the sam file and
emailing it to them. I guess they did it by brute force, until they found a
password that created the same encrypted data. I had always assumed they
decrypted it.

Yes, these things are done by trial and error. Often such a company
will have large "rainbow" tables - they take tables of likely passwords
(such as common kids names, common pet names, misspellings of
"password", birthdays, etc.), dictionaries, etc., and run each one
through the password encryption algorithm. Then "cracking" the password
is as simple as looking it up in this table. If they get a match, they
have the original password. If not, then they need to run through
exhaustive searches.



If you ever have to break into a windows system again, it is a lot
easier to use a windows password reset live CD. These don't make any
attempt to identify the old password, but simply replace it with a known
(blank) one. It's a lot faster and cheaper than an external company.

If you actually need to recover the password rather than just change it
to something you know, there are again free tools for that.

 

[Arno]

Yes, these things are done by trial and error. Often such a company
will have large "rainbow" tables - they take tables of likely passwords
(such as common kids names, common pet names, misspellings of
"password", birthdays, etc.), dictionaries, etc., and run each one
through the password encryption algorithm. Then "cracking" the password
is as simple as looking it up in this table. If they get a match, they
have the original password. If not, then they need to run through
exhaustive searches.

The accepted countermeasure to Rainbow Tables is salting, i.e.
to add a non-secret random value. This increses the size of the
Rainbow Table to infesability. As Microsoft is not familiar with
salting, they do work there.

If you ever have to break into a windows system again, it is a lot
easier to use a windows password reset live CD. These don't make any
attempt to identify the old password, but simply replace it with a known
(blank) one. It's a lot faster and cheaper than an external company.

I second that. I did this several times with good success and
very reasonable effort.

If you actually need to recover the password rather than just change it
to something you know, there are again free tools for that.

Whether that works depends strongly on the individual password
scheme. MS is incompetent here (otherwise breaking would not
work at all for good passwords), but even they made improvements.

Here is an example illustratiung the "security mind-set" at Microsoft:
http://catless.ncl.ac.uk/risks/17.12.html
Scroll down to ''Microsoft "Bob" passwords''

Arno