Security Accounts Manager

From Wikipedia, the free encyclopedia

The Security Accounts Manager (SAM) is a database stored as a registry file in Windows NT, Windows 2000, and later versions of Windows. It stores users' passwords in a hashed format (in an LM hash and an NTLM hash). Since a hash function is one-way, this provides some measure of security for the storage of the passwords.

In an attempt to enhance the security of the SAM database against offline software cracking, Microsoft introduced the SYSKEY utility in Windows NT 4.0. The SAM file cannot be moved or copied while Windows is running. However, it can be dumped, displaying the password hashes, which can then be subjected to brute-force attack.

Most versions of Windows can be configured to disable the calculation & storage of valid LM hashes when the user changes their password. This is the default setting in Windows Vista. Note: enabling this setting does not immediately clear the LM hash values from the SAM, but rather enables an extra function during password changes that will instead store a "dummy" value in the LM hash field location in the SAM. (This dummy value has no relationship to the user's password - it is the same value used for all user accounts.]

LM hashes cannot be calculated when the user chooses a password of over 14 characters in length. Thus, when a user sets a 15+ character password, the LM hash value is set to a "dummy" value as well.

However, particularly in Windows NT 3.51, NT 4.0 and 2000, there was a security flaw with SAM in which if the hash file was deleted from the hard drive, a user could log in as any account with no password. This flaw was corrected with Windows XP.

This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.

[edit] External links

• Description of binary structures stored in SAM registry hive.
• Offline NT Password & Registry Editor - open-source program and boot disk to reset (change) passwords in SAM (without cracking them)
• Ophcrack[1] - open-source password cracker for LM & NTLM hashes using rainbow tables, LiveCD will extract hashes from SAM

v • d • e Microsoft Windows components Core Aero · ClearType · Desktop Window Manager · DirectX · Explorer · Taskbar · Start menu · Shell (namespace · Special Folders · File associations) · Search (Saved search · iFilters) · Graphics Device Interface · WIM · Next Generation TCP/IP stack (Server Message Block) · .NET Framework · Audio · Printing (XML Paper Specification) · Active Scripting (WSH · VBScript · JScript) · COM (OLE · OLE Automation · DCOM · ActiveX · ActiveX Document · Structured storage · Transaction Server) · Previous Versions · WDDM · UAA · Win32 console Management tools Backup and Restore Center · command.com · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Event Viewer · Management Console · Netsh · Problem Reports and Solutions · Sysprep · System Configuration · Task Manager · System File Checker · System Restore · Windows Installer · Windows PowerShell · Windows Update · WinSAT · Windows Easy Transfer Applications Calculator · Calendar · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Mail · Magnifier · Media Center · Meeting Space · Mobile Device Center · Mobility Center · Movie Maker · Narrator · Notepad · Paint · Photo Gallery · Private Character Editor · Remote Assistance · Sidebar · Snipping Tool · Sound Recorder · Windows Media Player (11) · Windows Speech Recognition · WordPad Games Chess Titans · FreeCell · Hearts · Hold 'Em · InkBall · Mahjong Titans · Minesweeper · Purble Place · Solitaire · Spider Solitaire Kernel Ntoskrnl.exe · hal.dll · System Idle Process · Svchost.exe · Registry · Windows service · Service Control Manager · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection Services Autorun · BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Windows Error Reporting · Multimedia Class Scheduler · CLFS File systems NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · FAT32·FAT16·FAT12 · exFAT · CDFS · UDF · DFS · IFS Server Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows SharePoint Services · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Network Access Protection · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · Windows System Resource Manager · Hyper-V Architecture NT series architecture · Object Manager · Startup process (Vista) · I/O request packets · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows Resource Protection · LSASS · CSRSS · SMSS Security UAC · BitLocker · Defender · DEP · Protected Media Path · Mandatory Integrity Control · UIPI · Windows Firewall · Security Center Compatibility Unix subsystem (Interix) · Virtual DOS Machine · Windows on Windows · WOW64