0
Let's say I have a computer with win7 and I made 2 different accounts. Now I've set the same password for both accounts. My question is whether the hashes of the passwords in the SAM file will be same or not?
Thanks.
2
Yes: users with the same password will share the same hash.
Instead of storing your user account password in clear-text, Windows generates and stores user account passwords by using two different password representations, generally known as "hashes." When you set or change the password for a user account to a password that contains fewer than 15 characters, Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of the password. These hashes are stored in the local Security Accounts Manager (SAM) database or in Active Directory.
Neither the NT hash nor the LM hash is salted.
Source: Passwords Technical Overview
Open a command prompt as administrator, and execute the following commands:
net user "UserA" "Passw0rd!" /add
net user "UserB" "Passw0rd!" /add
Dump the local LM/NT hashes using fgdump.
Here are the results in different operating systems:
Windows 2000 / XP
UserA:1001:B34CE522C3E4C87722C34254E51BFF62:FC525C9683E8FE067095BA2DDC971889:::
UserB:1002:B34CE522C3E4C87722C34254E51BFF62:FC525C9683E8FE067095BA2DDC971889:::
Windows Vista / 7
UserA:1001:NO PASSWORD*********************:FC525C9683E8FE067095BA2DDC971889:::
UserB:1002:NO PASSWORD*********************:FC525C9683E8FE067095BA2DDC971889:::
Briefly, the first field is the user account name; the second field is the unique Security Identifier for that account; the third field is the LM hash; the fourth field is the NT hash.
The main difference is that starting with Windows Vista the LM hash is no longer stored by default for security reasons. Apart from that, you can clearly see the hashes are identical.
1
Beginning with Windows Vista, Windows uses NTLMv2 to hash the passwords. Before this, the passwords would not be salted, making password hashes much less complicated and easy to get. Two users that have the same password should not have the SAM hash because of this salt.
Salt works by adding characters in some part of the password, making the password hash harder to brute force.
And how about older Windows versions? Passwords weren't salted? If not, then how would two exact same passwords result in different hashes? – NirPes – 2014-03-25T14:14:50.327
NTLM (and LM, if I'm not mistaken) were not salted, making rainbow tables (basically hash-password matching tables) easier to generate. I'm not sure if the hashes are different in NTLM or LM. – Justin Krejcha – 2014-03-26T03:15:20.433
Ty, but you didn't fully answer my question... On old win vers, if the hashes weren't salted, then two users with the same passwords would result in the same hash in the SAM file? – NirPes – 2014-03-26T05:32:02.980
Probably. I'm not sure of this though. – Justin Krejcha – 2014-03-26T05:32:36.077
Does anyone else know? – NirPes – 2014-03-26T05:33:29.767
1
Wrong. Windows password hashes are not salted at all. Also, NTLMv2 is an authentication protocol which has been available long before Windows Vista was released, and has nothing to do with the way hashes are locally stored.
– and31415 – 2014-03-28T12:26:53.953
Related/Possible dupe: How are windows passwords handled?, perhaps also see Will using the same password on windows 7 and Ubuntu make it easier to crack either?
– Ƭᴇcʜιᴇ007 – 2014-03-25T13:55:24.670