    Are previous user-passwords discoverable?


    by btelc ·

    Investigating an internal security breach, I’d like to know what previous passwords a suspect has used, in an NT/4, Win2K, A/D environment. We force p/w change every 90 days, and disallow use of previous passwords. Q1: how far back does the OS check…12 passwords? Q2: is the length of this list a system parameter? Q3: is there a way a sysadmin can decrypt this file and see the prior passwords?
    Thanks for your help.

All Comments

      by jarrettc ·

      In reply to Are previous user-passwords discovrable?

      I only have an answer for Q1 and Q2 right now.

      If you are using Win2k, then the option is an editable parameter that can be up to 24 passwords. I think it defaults to 24 on DCs. The password policy is edited in here: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\

      If you are using WinNT, I don’t know what the max is; however, it’s under the User Manager for Domains, and from the Policies drop-down it’s under Account. You’ll see a password uniqueness section.

      I have no clue on question 3 and sent a question in to L0pht to see if L0phtCrack has the ability to find that information out. My guess is that there isn’t a way to find that information with any “off-the-shelf” program out there. Manually doing it would require some expertise that I don’t have.
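
An added example, not part of the original posts: one way to check the history length and password age discussed above from a policy file exported with `secedit /export /cfg policy.inf`. The function names and the sample export are constructed for illustration; the key names are those of the `[System Access]` section, and treating a maximum age of -1 or 0 as "never expires" is an assumption of this sketch.

```python
import configparser

# Constructed sample of a secedit policy export; the values are made up.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 90
MinimumPasswordLength = 8
PasswordHistorySize = 12
NewAdministratorName = "Administrator"
[Version]
signature="$CHICAGO$"
"""

def read_system_access(inf_text):
    """Return the numeric [System Access] settings as a dict of ints."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                       strict=False)
    parser.optionxform = str  # keep the key case used in the export
    parser.read_string(inf_text.lstrip("\ufeff"))  # drop a BOM if present
    if not parser.has_section("System Access"):
        raise ValueError("export has no [System Access] section")
    settings = {}
    for key, value in parser["System Access"].items():
        try:
            settings[key] = int(value)
        except ValueError:
            pass  # skip non-numeric entries such as NewAdministratorName
    return settings

def audit_history(policy, required_max_age=90):
    """Check history length (1-24) and age limits; list what is weak."""
    history = policy.get("PasswordHistorySize", 0)
    min_age = policy.get("MinimumPasswordAge", 0)
    max_age = policy.get("MaximumPasswordAge", -1)
    findings = []
    if not 1 <= history <= 24:
        findings.append(f"PasswordHistorySize={history}: outside 1-24")
    if max_age <= 0 or max_age > required_max_age:
        findings.append(f"MaximumPasswordAge={max_age}: exceeds {required_max_age} days")
    # Each change must wait MinimumPasswordAge days, so pushing an old
    # password out of the history takes roughly history * min_age days.
    if history and min_age == 0:
        findings.append("MinimumPasswordAge=0: history can be cycled in one sitting")
    return {"history": history, "cycle_days": history * min_age,
            "findings": findings}
```
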