1
00:00:03,210 --> 00:00:05,700
Test credentials were mentioned before as well.

2
00:00:07,620 --> 00:00:12,740
We said that if you connect to a remote computer once you don't have to authenticate a remote system

3
00:00:12,740 --> 00:00:16,260
again how does that work.

4
00:00:17,580 --> 00:00:23,540
A Unicode password which is our entry password and our log in and domain name are used to generate a

5
00:00:23,540 --> 00:00:32,210
string Unicode password is already the result of hashing the generated string is again hashed with an

6
00:00:32,210 --> 00:00:40,010
empty message digest function the output is a cast credential.

7
00:00:40,100 --> 00:00:45,950
It has subsequently saved in a protected registry key you could perhaps say that it's possible to harvest

8
00:00:45,950 --> 00:00:52,940
it and attempt to obtain the password would need to successfully reverse two hashing functions.

9
00:00:54,740 --> 00:00:57,360
This probably hasn't ever turned out a success.

10
00:01:01,730 --> 00:01:06,620
If attackers take time and apply their skills to it they can at best obtain the user's password to a

11
00:01:06,620 --> 00:01:15,300
specific network share the password is not active in other servers or for other users.

12
00:01:15,300 --> 00:01:21,150
This means that an attack would only produce a result that is already known before simply a local user's

13
00:01:21,150 --> 00:01:22,170
credentials.

14
00:01:24,730 --> 00:01:31,960
Before we move to Kerberos Let's briefly discuss the SAM file what the content of the file in the file

15
00:01:31,960 --> 00:01:40,710
itself or encrypted you can make sure that by running the Siskiyou tool Sandbach tool in Windows 7 the

16
00:01:40,710 --> 00:01:47,160
software is pre-installed in the system although it is rarely used and remains quite obscure.

17
00:01:47,250 --> 00:01:49,620
The first window shows the sound file is encrypted

18
00:01:52,290 --> 00:01:53,640
to disable encrypting.

19
00:01:53,640 --> 00:01:59,610
You need to change the system configuration turning off Sam encryption is not recommended.

20
00:02:00,790 --> 00:02:02,410
It wouldn't make any sense.

21
00:02:03,800 --> 00:02:07,500
Encryption was first applied to the file back in Windows and T4.

22
00:02:07,820 --> 00:02:12,260
There's no need to go back so far in time.

23
00:02:12,500 --> 00:02:18,780
If you decide to encrypt something you need a decryption key to decode it at a startup.

24
00:02:18,790 --> 00:02:22,330
Windows doesn't prompt the user for any keys.

25
00:02:22,390 --> 00:02:27,280
It only requests the user log in and password which implies that the system is able to decrypt the same

26
00:02:27,280 --> 00:02:31,710
file on its own.

27
00:02:31,730 --> 00:02:38,000
The key for decoding the SAM file is saved in the same disk in the same folder one half of the key is

28
00:02:38,000 --> 00:02:39,850
contained in the security file.

29
00:02:39,860 --> 00:02:48,850
The other half in the system file cracking a password requires all three files the same file contains

30
00:02:48,850 --> 00:02:53,290
passwords while security in-system contain the key to the password database

31
00:02:57,700 --> 00:03:02,540
to provide your system with maximum security you can move the key to another location.

32
00:03:03,710 --> 00:03:10,610
It can be generated from a password submitted to the window above after you set it up.

33
00:03:10,610 --> 00:03:16,010
After a system start there would appear a low level request to submit the password.

34
00:03:16,010 --> 00:03:20,910
If you don't submit it Windows will not start up since it is unable to reach the same file.

35
00:03:23,510 --> 00:03:26,600
The key can also be stored on a disk.

36
00:03:26,640 --> 00:03:29,500
It can't be saved on a USP drive for some reason.

37
00:03:30,840 --> 00:03:35,030
You can also leave the file in the default location.

38
00:03:35,070 --> 00:03:36,960
There's a certain error here.

39
00:03:36,960 --> 00:03:39,540
I'm not sure if it was patched up in Windows 7.

40
00:03:39,540 --> 00:03:40,980
We won't check it now.

41
00:03:42,820 --> 00:03:47,770
Anyway if you would change something in the window above and click cancel this key will operate it in

42
00:03:47,770 --> 00:03:55,950
a peculiar way since we use the update option tool assume that will change the location of the key that

43
00:03:55,950 --> 00:04:04,220
protects the SAM it thought that we wouldn't need the old file anymore and deleted it.

44
00:04:04,240 --> 00:04:09,640
If you click cancel in the second window a new key will not be generated.

45
00:04:09,640 --> 00:04:16,370
This meant that you can work with your computer only until you switched it off when does not restart

46
00:04:16,370 --> 00:04:20,480
again and the system would have to be reinstalled.

47
00:04:20,620 --> 00:04:26,310
If there's any lesson to be learned from that even if you return to your previous settings click OK.