堆栈内存溢出
  简体   繁体   English

Windows密码存储在磁盘上的方式和位置,以及用于散列它们的算法?

[英]How and where are Windows passwords stored on the disk, and what algorithms are used to hash them?

 原文  2014-04-05 12:44:02       c#/ windows/ hash/ passwords

问题描述

I would like to implement a version the hash algorithm in a C# application, and need to know how Windows hashes and checks the passwords. 我想在C#应用程序中实现散列算法的版本,并且需要知道Windows如何散列并检查密码。 I also need to know where they are stored. 我还需要知道它们的存储位置。 As far as I know, in the SAM file under C:\\Windows\\System32\\config. 据我所知,在C:\\ Windows \\ System32 \\ config下的SAM文件中。 Is that correct? 那是对的吗?

2 个解决方案

解决方案1
 2 已采纳  2014-04-05 15:42:36

Nothing tricky here. 这里没什么棘手的。 the NTLM hash is just the MD4 of the unicode password. NTLM哈希只是unicode密码的MD4。 MD4 is irresponsibly weak, so you will need a comprehensive crypto lib, like Bouncy Castle . MD4是不负责任的弱点,所以你需要一个全面的加密库,比如Bouncy Castle MS has no native methods for it. MS没有本地方法。

also, the best reference on the topic . 同样, 关于这个主题最佳参考

using Org.BouncyCastle.Crypto.Generators; 使用Org.BouncyCastle.Crypto.Generators;

using Org.BouncyCastle.Crypto.Parameters; 使用Org.BouncyCastle.Crypto.Parameters;

using Org.BouncyCastle.Security; 使用Org.BouncyCastle.Security;

using Org.BouncyCastle.Crypto.Digests; 使用Org.BouncyCastle.Crypto.Digests;

I think those cover it. 我认为那些涵盖了它。 I hope... 我希望...

here is one that returns it as a byte[], which you can convert as needed. 这是一个将其作为byte []返回的,您可以根据需要进行转换。 

    /// <summary>
    /// Convert Password to NT Hash.  Convert to unicode and MD4
    /// </summary>
    /// <param name="passwordIn">password In</param>
    /// <returns>NT Hash as byte[]</returns>
    public static byte[] NTHashAsBytes(string passwordIn)
    {
        MD4Digest md = new MD4Digest();
        byte[] unicodePassword = Encoding.Convert(Encoding.ASCII, Encoding.Unicode, Encoding.ASCII.GetBytes(passwordIn));


        md.BlockUpdate(unicodePassword, 0, unicodePassword.Length);
        byte[] hash = new byte[16];
        md.DoFinal(hash, 0);


        return hash;
    }

解决方案2
 0  2014-04-05 20:20:50

Which "Windows" format do you mean? 你的意思是“Windows”格式?

NTLMv1 or NTLMv2 ? NTLMv1还是NTLMv2

LM ? LM

DCC/MSCash/MS-Cache ? DCC / MSCash / MS-Cache

DCC2/MSCash2/MS-Cache2 ? DCC2 / MSCash2 / MS-Cache2

See also the question Windows 7 Password Hash Security . 另请参阅Windows 7密码哈希安全性问题

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何对用户密码进行哈希处理? - How to hash users passwords? 注释存储在哪里以及如何提取它们? - Where comments are stored and how to extract them? Windows用于证书吊销(OCSP或CRL)的算法是什么?如何配置它们? - What is the algorithm used by windows for certificate revokation (OCSP or CRL) and how to configure them? DotNetNuke如何哈希其密码? - How does DotNetNuke Hash Its Passwords? 如何存储信息,例如加密的密码,但不存储在哈希中 - How to store information like passwords encrypted but not in hash 哪些算法用于在单词中搜索子词? - What algorithms are used for seaching subwords in words? 来自nuget引用的库存储在磁盘上的哪个位置? - Where are the libraries from the nuget reference stored on the disk? RavenDB Embedded:磁盘上存储的数据在哪里? - RavenDB Embedded: Where is the data stored on disk? 客户作业存储在QuickBooks中的何处,以及如何使用SDK检索它们? - Where are the customer Jobs stored in QuickBooks and how to retrieve them using SDK? 默认ASP.NET应用程序中存储的用户名和密码在哪里? - Where are the username and passwords stored in the default ASP.NET app?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM