Welcome to HackeRoyale.

All About Windows Passwords! – The Hidden Concepts

We all are aware about passwords that we use to protect our data and other stuffs. Sometimes it is the only thing we have to protect ourselves from the intruders. Having a physical access to a system is not required everytime and having the knowledge of password can prove to be sufficiently enough to exploit systems and servers.
Most of the people use Windows OS and also majority of them might have set a password for loging in. Feels easy to set one, but there’s a lot going inside even for a simple password you set. Going through this article would make the reaader understand about how and where the passwords are stored in a Windows OS and some technical terms relating to it.
Let’s start off by having a brief look at how Windows stores password

How Windows stores password?

This may seem to be somewhat technical for some, making him wander what’s going on but don’t worry it’s very simple.
The password storage in windows is done in two different ways by default – ‘LM OWF’ and ‘NT OWF’. ‘OWF’ ( sometimes also termed as Cryptographic Function) here stands for One Way Function and is simply a set of mathematical operations to be applied on a string to get an Output which is generally called a HASH (A hash value is a numeric value of a fixed length that uniquely identifies data. Hash values represent large amounts of data as much smaller numeric values, so they are used with digital signatures. Also this numeric value can also contain some alphabets ). The ideal hash function is characterised by following main properties:

1 : It is very easy to calculate hash for any a string
2 : It is very difficult to get back the string with a given hash.
3 : No two strings can have same hash code.
The LM hash or NT hash are computed as follows :

The LM hash is computed as

  • The password is padded with NULL bytes to make it to exactly 14 characters.
  • This string is then converted to all uppercase.
  • It is then split into two 7-byte (56-bit) chunks.
  • Each chunk is used as the key to encrypt a fixed string (A string pre-defined in by the Windows).
  • The two results from step 4 are concatenated (added end to end ) and stored as the LM hash.

In case of NT hash, the password is hashed using the MD4 algorithm and stored. The NT OWF is used for authentication by domain members in both Windows NT 4.0 and earlier domains and Windows 2000 and higher Active Directory domains.

NOTE: Neither of the above both hashes are salted ( Salting is a process that was first used on UNIX-based computers over 20 years ago. On those computers password hashes were stored in a world-readable file. A user could simply search the file for any other users who had the same stored hash. If any were found, it would mean they shared the same password ). To solve this problem, the designers of the UNIX operating system decided to salt the passwords prior to storing them. The process of salting combines the password with a small number the salt – before computing the OWF. The salt could be stored in clear text in the password file. This ensured that two users with the same password had two different password representations stored. Windows has never stored hashes in world-readable form, so there has never been a need to salt them.
How are passwords used in Windows?
When a user enters a password, it is first converted into the NT hash and stored in the memory by the LSASS (Local Security Authority Subsystem Service) process. Then it is compared with the locally stored hash. If they match, then user is logged in else, a message is displayed telling that wrong password is input.


Ref http://technet.microsoft.com/en-us/library/cc512606.aspx

That’s all for now.
Hope you found it interesting.
Feel Free to ask/comment.


featured posts


Get weekly updates by subscribing to our newsletter.