Encrypted passwords

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

MS Self paced 270 kit;

<this setting enables XP Professional to store a reversibly encrypted password for all users in the domain.>

Is this used in practice much?

Si

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

si if i remember correctly enabling reversibly encrypted password makes it MUCH easier to recover the password and it isnt at all recommended by MS so i dont think many people fiddle with that...

I think you have to use reversibly encrypted passwords thou when you got Mac clients and/or Samba (i.e. Linux domain controllers) in the domain... because i think Mac and Samba need reversibly encrypted passwords but dont quote me on that ill check up on it... :hhhmmm

 

errr whats a reversibly encrypted password? is it a password that takes a encryption off?

is that only for domains or can it be used for workgroups? and what is requireD?

 

LOL

Not in any network I've managed it isn't!

Seriously - Reversible Encryption should only be used when there is absolutely no other alternative. This isn't common, but sometimes when Remote Access is being provisioned you need to use CHAP - which requires reversible encryption. There are other cases when you might need to turn it on - but these are few and far between (IIS Digest Authentication springs to mind) and you should immediately look at another solution if possible.

Reversible Encryption as primarily used as a method of storing passwords that could then be 'reverse engineered' should they be forgotten or lost. It is also used as an inherent part of insecure protocols like CHAP. You need to use it on a domain and its configured via a GPO

 

thanks for the input guy's