General discussion


Are previous user-passwords discoverable?

By btelc
Investigating an internal security breach, I'd like to know what previous passwords a suspect has used, in an NT/4, Win2K, A/D environment. We force p/w change every 90 days, and disallow use of previous passwords. Q1: how far back does the OS check...12 passwords? Q2: is the length of this list a system parameter? Q3: is there a way a sysadmin can decrypt this file and see the prior passwords?
Thanks for your help.


by jarrettc, in reply to "Are previous user-passwords discoverable?"

I only have an answer for Q1 and Q2 right now.

If you are using Win2k then the option is an editable parameter that can be up to 24 passwords. I think it defaults to 24 on DCs. The password policy is edited here: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\

If you are using WinNT, I don't know what the max is; however, it's under the User Manager for Domains, and from the Policies drop-down it's under Account. You'll see a password uniqueness section.

I have no clue on question 3 and sent a question in to L0pht to see if L0phtCrack has the ability to find that information out. My guess is that there isn't a way to find that information with any "off-the-shelf" program out there. Doing it manually would require some expertise that I don't have.
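As an added example (not part of the thread), the following PowerShell audits the two settings discussed above, the password-history count and the maximum password age, on a current Active Directory domain; it assumes the RSAT ActiveDirectory module is installed and that the caller has read access to the domain, and the 24/90 thresholds are taken from the thread.

```powershell
# Added example, not from the original thread: report the password-history
# and maximum-age settings for the default domain policy and for every
# fine-grained password policy (FGPP), flagging any that fall below the
# thresholds mentioned in the thread (24 remembered passwords, 90-day age).
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Get-PasswordHistoryAudit {
    param(
        [int]$MinHistory = 24,   # 24 is the largest history Windows enforces
        [int]$MaxAgeDays = 90    # the thread's forced-change interval
    )
    $results = @()

    # The default domain policy covers every account not matched by an FGPP.
    $default = Get-ADDefaultDomainPasswordPolicy
    $results += [pscustomobject]@{
        Policy       = 'Default Domain Policy'
        AppliesTo    = 'all accounts not covered by an FGPP'
        HistoryCount = $default.PasswordHistoryCount
        MaxAgeDays   = $default.MaxPasswordAge.TotalDays
    }

    # FGPPs (Server 2008+ domains) override the default for the principals
    # they apply to, so a weak FGPP silently undoes the domain-wide setting.
    foreach ($fgpp in Get-ADFineGrainedPasswordPolicy -Filter *) {
        $results += [pscustomobject]@{
            Policy       = $fgpp.Name
            AppliesTo    = ($fgpp.AppliesTo -join '; ')
            HistoryCount = $fgpp.PasswordHistoryCount
            MaxAgeDays   = $fgpp.MaxPasswordAge.TotalDays
        }
    }

    # A MaxPasswordAge of 0 means "never expires", which is also a weak setting.
    foreach ($r in $results) {
        $weak = ($r.HistoryCount -lt $MinHistory) -or
                ($r.MaxAgeDays -gt $MaxAgeDays) -or
                ($r.MaxAgeDays -eq 0)
        $r | Add-Member -NotePropertyName Weak -NotePropertyValue $weak
    }
    return $results
}

Get-PasswordHistoryAudit | Format-Table -AutoSize
```

Rows marked `Weak` identify policies where the history or rotation setting is looser than the thread's stated configuration; the script only reads policy objects and never touches stored password hashes.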

by jarrettc

I have yet to hear back from L0pht and doubt that there is a way via an off-the-shelf program to do this. I'd check some newsgroups to see if anyone else has attempted to do this type of thing, and you of course can always try contacting L0pht yourself.
