Security Accounts Manager

The Security Accounts Manager (SAM) file in Windows XP, Windows Vista and Windows 7 stores users' passwords in hashed form, as an LM hash and an NTLM hash. Because a hash function is one-way, this provides some measure of security for the stored passwords.

In an attempt to improve the security of the SAM database against offline software cracking, Microsoft introduced the SYSKEY function in Windows NT 4.0. When SYSKEY is enabled, the on-disk copy of the SAM file is partially encrypted, so that the password hash values for all local accounts stored in the SAM are encrypted with a key (usually also referred to as the "SYSKEY").

In the case of online attacks, it is not possible to simply copy the SAM file to another location. The file cannot be moved or copied while Windows is running, because the Windows kernel obtains and keeps an exclusive filesystem lock on it and does not release that lock until the operating system has shut down or a "Blue Screen of Death" exception has been thrown. However, the in-memory copy of the SAM's contents can be dumped using various techniques (including pwdump), which makes the password hashes available for offline brute-force attack.
