1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Encrypted passwords

Discussion in 'General Microsoft Certifications' started by Boycie, Aug 25, 2006.

  1. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    MS Self paced 270 kit;

    <this setting enables XP Professional to store a reversibly encrypted password for all users in the domain.>

    Is this used in practice much?

    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  2. zimbo
    Honorary Member

    zimbo Petabyte Poster

    si if i remember correctly enabling reversibly encrypted password makes it MUCH easier to recover the password and it isnt at all recommended by MS so i dont think many people fiddle with that...

    I think you have to use reversibly encrypted passwords thou when you got Mac clients and/or Samba (i.e. Linux domain controllers) in the domain... because i think Mac and Samba need reversibly encrypted passwords but dont quote me on that ill check up on it... :hhhmmm
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  3. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    errr whats a reversibly encrypted password? is it a password that takes a encryption off?

    is that only for domains or can it be used for workgroups? and what is requireD?
  4. zebulebu

    zebulebu Terabyte Poster


    Not in any network I've managed it isn't!

    Seriously - Reversible Encryption should only be used when there is absolutely no other alternative. This isn't common, but sometimes when Remote Access is being provisioned you need to use CHAP - which requires reversible encryption. There are other cases when you might need to turn it on - but these are few and far between (IIS Digest Authentication springs to mind) and you should immediately look at another solution if possible.

    Reversible Encryption as primarily used as a method of storing passwords that could then be 'reverse engineered' should they be forgotten or lost. It is also used as an inherent part of insecure protocols like CHAP. You need to use it on a domain and its configured via a GPO
    Certifications: A few
    WIP: None - f*** 'em
  5. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    thanks for the input guy's :thumbleft
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT

Share This Page