Understand Microsoft Authentication

When users log in to a Windows PC, a series of steps is performed for user authentication. The Windows OS authenticates its users with the help of three mechanisms (protocols) provided by Microsoft.

SAM database

Windows uses the Security Accounts Manager (SAM) database to manage user accounts and passwords in hashed format (one-way hash). The system doesn't store the passwords in plaintext; it stores them in hashed format to protect them from attacks. The system implements the SAM database as a registry file. The Windows kernel obtains and keeps an exclusive file system lock on the SAM file, and this lock provides some security for the storage of passwords.

It is impossible to copy the SAM file to a different location in the case of online attacks. Because the system locks the SAM file with an exclusive file system lock, a user cannot copy or move it while Windows is running. The lock is not released until the system throws a blue screen exception or the OS has shut down. However, to make the password hashes available for offline brute-force attacks, attackers can dump the on-disk contents of the SAM file using various techniques.

The SAM file uses a SYSKEY function (in Windows NT 4.0 and later versions) to partially encrypt the password hashes.

Even if hackers use subterfuge techniques to get the contents, the keys encrypted with a one-way hash make it tough to hack. Additionally, some versions have a secondary key, making the encryption specific to that copy of the OS.

NT LAN Manager (NTLM) Authentication

NTLM is a default authentication scheme that performs authentication using a challenge/response strategy. Because it doesn't rely on any official protocol specification, there's no guarantee that it works properly in every scenario. It has been on some Windows installations where it worked successfully. NTLM authentication consists of two authentication protocols: NTLM and LM. These protocols use different hash methodologies to store users' passwords in the SAM database.

Kerberos Authentication

Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography. This provides mutual authentication, in that both the server and the user verify each other's identity. Messages sent through the Kerberos protocol are protected against replay attacks and eavesdropping.

Kerberos makes use of the Key Distribution Center (KDC), a trusted third party. This consists of two logically distinct parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos uses "tickets" to prove a user's identity.

How Are Password Hashes Stored in Windows SAM?

Windows OSs use the SAM database file to store user passwords. The SAM file is stored at %SystemRoot%/system32/config/SAM in Windows systems, and Windows mounts it in the registry under the HKLM/SAM registry hive. It stores LM or NTLM hashed passwords.

NTLM supersedes the LM hash, which is susceptible to cracking. New versions of Windows still support LM hashes for backward compatibility; however, Vista and later Windows versions disable the LM hash by default. The LM hash is blank in newer Windows versions. Selecting the option to remove LM hashes enables an additional check during password change operations but doesn't clear LM hash values from the SAM immediately. The SAM file stores a "dummy" value in its database, which bears no relationship to the user's actual password and is the same for all user accounts. It is not possible to calculate LM hashes for passwords exceeding fourteen characters in length. Thus, the LM hash value is set to a "dummy" value when a user or administrator sets a password of more than fourteen characters.
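Because removing LM hashes does not clear existing values immediately, an audit has to tell the shared "dummy" value apart from LM hashes that are still really stored. The following is an added example, not code from the original article: it assumes a pwdump-style export with `user:RID:LM:NT:::` lines, and the account names and non-dummy hash values are constructed.

```python
# Added example (not from the article): flag accounts that still store a real LM hash.
# Assumption: input lines use the common pwdump-style "user:RID:LM:NT:::" layout.

# LM hash of an empty string; this is the "dummy" value that appears in the
# LM column for every account that has no real LM hash stored.
DUMMY_LM = "aad3b435b51404eeaad3b435b51404ee"

# Constructed sample data: the non-dummy hash values are made up, not real hashes.
SAMPLE_DUMP = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:11111111111111112222222222222222:fedcba9876543210fedcba9876543210:::
svc_backup:1003:NO PASSWORD*********************:00112233445566778899aabbccddeeff:::
carol:1004:AAD3B435B51404EEAAD3B435B51404EE:89abcdef0123456789abcdef01234567:::
malformed line without enough fields
"""

def classify_lm(lm_field):
    """Return 'dummy', 'real', or 'absent' for one LM column."""
    value = lm_field.strip().lower()
    if value == DUMMY_LM:
        return "dummy"
    if len(value) == 32 and all(c in "0123456789abcdef" for c in value):
        return "real"
    return "absent"  # blank, or a textual placeholder written by the export tool

def audit(dump_text):
    """Return (findings, skipped): accounts with a real LM hash, unparsable line numbers."""
    findings, skipped = [], []
    for lineno, line in enumerate(dump_text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            skipped.append(lineno)  # report rather than silently drop bad input
            continue
        user, rid, lm = parts[0], int(parts[1]), parts[2]
        if classify_lm(lm) == "real":
            findings.append((user, rid))
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = audit(SAMPLE_DUMP)
    for user, rid in findings:
        print(f"{user} (RID {rid}): LM hash still stored; clears at next password change")
    print(f"skipped lines: {skipped}")
```

Accounts reported here keep a crackable LM hash until their password is changed with LM storage disabled.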

Questions related to this topic

  1. Which protocol is used for authentication?
  2. What is the default Windows authentication protocol?
  3. What are remote authentication protocols?
  4. At what stage of Windows startup must users provide their credentials for authentication?

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
