Security Accounts Manager

The Security Accounts Manager (SAM) file in Windows XP, Windows Vista and Windows 7 stores users' passwords in hashed form, as LM hashes and NTLM hashes. Since a hash function is one-way, this provides some measure of security for the storage of the passwords.

In an attempt to improve the security of the SAM database against offline software cracking, Microsoft introduced the SYSKEY function in Windows NT 4.0. When SYSKEY is enabled, the on-disk copy of the SAM file is partially encrypted, so that the password hash values for all local accounts stored in the SAM are encrypted with a key (usually also referred to as the "SYSKEY").

In the case of online attacks, it is not possible to simply copy the SAM file to another location. The SAM file cannot be moved or copied while Windows is running, since the Windows kernel obtains and keeps an exclusive filesystem lock on the SAM file, and will not release that lock until the operating system has shut down or a "Blue Screen of Death" exception has been thrown. However, the in-memory copy of the contents of the SAM can be dumped using various techniques (including pwdump), making the password hashes available for offline brute-force attack.
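The lock described above can be observed from PowerShell. The following is an added example, not part of the original page; the function name `Test-SamFileLock` and its result strings are hypothetical, and the default path assumes a standard Windows installation. It tells a sharing violation (the file is held open exclusively) apart from an ACL denial and from a readable file such as an offline copy.

```powershell
# Added example: Test-SamFileLock and its result strings are hypothetical names.
function Test-SamFileLock {
    param(
        # Default is the live SAM file; pass another path to test an offline copy.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\config\SAM')
    )

    # ERROR_SHARING_VIOLATION (Win32 error 32) expressed as an HRESULT, 0x80070020.
    $SharingViolation = -2147024864

    try {
        # Request read-only access and permit every kind of sharing, so that a
        # sharing failure can only come from another holder's exclusive open.
        $share = [System.IO.FileShare]::ReadWrite -bor [System.IO.FileShare]::Delete
        $fs = [System.IO.File]::Open($Path,
                  [System.IO.FileMode]::Open,
                  [System.IO.FileAccess]::Read,
                  $share)
        $fs.Dispose()
        return 'Readable'          # no exclusive lock, e.g. a copy taken offline
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the original one.
        $ex = $_.Exception.GetBaseException()

        if ($ex -is [System.UnauthorizedAccessException]) {
            return 'AccessDenied'  # blocked by file permissions, not by the lock
        }
        if ($ex -is [System.IO.IOException] -and $ex.HResult -eq $SharingViolation) {
            return 'Locked'        # file is held open without sharing
        }
        throw                      # anything else (missing file, bad path) is unexpected
    }
}

Test-SamFileLock
```

The result shows which control stopped the read, the file's permissions or the lock itself. Neither applies to the in-memory copy of the SAM contents.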
