
I need to find some materials about how the Security Accounts Manager (SAM) works in Windows 7+. I am confused about the storage format of the hashed value.

Many materials (such as 1) tell me that it uses NTLM (or NTLMv2). However, as far as I understand, the security level of NTLM is very low. Most OSes (such as Unix) provide a random salt to enhance the basic security level. For NTLM, we can break it easily with brute force in several days (even several hours with a great device). Also, if we use a rainbow table, we can achieve a perfect result.

Some other materials (such as 2) tell me that Windows Vista or above has replaced NTLM with Kerberos. Does it affect the SAM? If so, by default, which hash algorithm does it use in Windows 7 or above?

To make my question clear, I want to list them below.

  1. Does NTLM or NTLMv2 use salt?

  2. Which algorithm does Windows 7 or Windows 8 use for the SAM?

  3. Does Kerberos affect the hashed format of the SAM?

  • This is overthinking it. Check this one out: https://security.stackexchange.com/questions/168940/what-harm-is-there-in-obtaining-password-hashes-in-a-windows-environment – SDsolar Sep 07 '17 at 02:53

1 Answer


Kerberos is only available when you have a central server available, for instance, an Active Directory Domain Controller.

  1. No, it does not use salt.

  2. It uses NTLM if it isn't a part of a domain. Details.

  3. Kerberos does not affect the hashed format of SAM.

JZeolla
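An added example (not part of the question or the answer above, and not Microsoft's code) that shows concretely what "no salt" means for the NT hash kept in a local SAM. The NT hash is MD4 over the UTF-16LE encoding of the password, so two accounts with the same password end up with byte-identical hashes, which is exactly why a precomputed (rainbow) table works against them; a salted, iterated hash (PBKDF2-HMAC-SHA256 here, chosen as the contrast, not something Windows uses for the SAM) is shown beside it. MD4 is implemented inline because `hashlib`'s "md4" is frequently unavailable on OpenSSL 3 builds; the account names and the password `password` are constructed sample values.

```python
"""Added example: unsalted NT hash vs. a salted hash (not code from the page).

NT hash = MD4(UTF-16LE(password)), no salt, no iteration count.
"""
import hashlib
import os
import struct

_MASK = 0xFFFFFFFF
_S = ([3, 7, 11, 19], [3, 5, 9, 13], [3, 9, 11, 15])              # per-round shift amounts
_K = (list(range(16)),                                            # round 1 message-word order
      [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15],     # round 2 message-word order
      [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15])     # round 3 message-word order
_ADD = (0, 0x5A827999, 0x6ED9EBA1)                                # per-round additive constants


def _f(x, y, z):
    return (x & y) | (~x & z & _MASK)


def _g(x, y, z):
    return (x & y) | (x & z) | (y & z)


def _h(x, y, z):
    return x ^ y ^ z


_FN = (_f, _g, _h)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 digest of `data` (pure Python; slow, but dependency-free)."""
    # Padding: a 0x80 byte, zeros up to 56 mod 64, then the bit length as little-endian u64.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        r = state[:]
        for rnd in range(3):
            fn = _FN[rnd]
            for i in range(16):
                t = (-i) % 4  # register updated in this step cycles a, d, c, b, ...
                val = (r[t] + fn(r[(t + 1) % 4], r[(t + 2) % 4], r[(t + 3) % 4])
                       + x[_K[rnd][i]] + _ADD[rnd]) & _MASK
                r[t] = _rotl(val, _S[rnd][i % 4])
        state = [(s + v) & _MASK for s, v in zip(state, r)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash as the SAM stores it: MD4 of the UTF-16LE password, with no salt."""
    return md4(password.encode("utf-16le")).hex()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Contrast only: a salted, iterated hash; same password + different salt = different digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def compare_two_accounts(password: str) -> dict:
    """Two constructed accounts that share one password, hashed both ways."""
    nt_alice, nt_bob = nt_hash(password), nt_hash(password)
    salt_alice, salt_bob = os.urandom(16), os.urandom(16)  # one random salt per account
    s_alice = salted_hash(password, salt_alice)
    s_bob = salted_hash(password, salt_bob)
    # With the NT hash, a single precomputed table entry matches every account using
    # this password; with per-account salts, each account needs its own computation.
    return {"nt_identical": nt_alice == nt_bob, "salted_identical": s_alice == s_bob}


if __name__ == "__main__":
    print("NT hash of the constructed sample password:", nt_hash("password"))
    print(compare_two_accounts("password"))
```

The `nt_identical: True` result is the answer's point 1 in practice: nothing account-specific enters the NT hash, so the stored value depends only on the password. Kerberos does not change this value either; on a domain the same NT hash is what the domain controller keeps for the account and uses as the RC4 Kerberos key material, which is why the answer's point 3 holds.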