Vulnerability Development mailing list archives

RE: WinNT and previously used passwords


From: "Jesper M. Johansson" <jesper_m_johansson () hotmail com>
Date: Fri, 24 May 2002 21:13:47 -0700

Today I got a message when I logged in to my domain about my pass being
expired... so as expected I went ahead and typed in a new password. Next
thing I know NT (win2k really) is barking at me saying I can not use any
of my previous 10 passwords.

You, or whoever the administrator is, must have told it to remember the
last 10 passwords. This is a security feature, actually.

So my question is are there any tools similar to l0pht crack in which the
last 10 passwords can be extracted from either the registry or the SAM
file or wherever they are hiding?

First of all, it is not storing the password. It is storing a hash (two
hashes actually, unless you use the NoLMHash switch). Second, I don't
think there are any such utilities. Generally speaking, I would be more
interested in cracking your current password than 10 of your old ones,
considering that the current one has a better chance of still being
valid by the time I crack it. Presumably, if your new password is based
on your old one, I would probably be able to crack the new one just as
easily as the old one, and it allows me to do so using 1/11th the amount
of work, assuming you are storing 10 passwords.

Now, this might be interesting to do if your objective, as a white-hat
administrator, is to catch people who reuse passwords. However, my
experience is that most people would get more mileage out of teaching
people to use good current passwords instead of cracking old ones.
Better yet, implement smart card logon and get rid of passwords
altogether. 
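
An added illustration of the reply's two points, not part of the original message and not Windows' own implementation: a password history can be enforced from stored hashes alone, and it only catches exact reuse, not a new password based on an old one. The class name, the PBKDF2-SHA256 stand-in hash, the work factor and the sample passwords are all assumptions constructed for this sketch.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_LENGTH = 10     # "remember the last 10 passwords", as in the thread
PBKDF2_ROUNDS = 50_000  # assumed work factor for this sketch


class PasswordHistory:
    """Hypothetical history store: keeps salted hashes, never the passwords."""

    def __init__(self, length=HISTORY_LENGTH):
        # deque(maxlen=...) drops the oldest entry once the history is full.
        self._entries = deque(maxlen=length)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

    def is_reused(self, candidate):
        # Every entry has its own salt, so the candidate is re-hashed per entry.
        # All entries are checked so timing does not reveal which one matched.
        hits = [hmac.compare_digest(self._hash(candidate, salt), digest)
                for salt, digest in self._entries]
        return any(hits)

    def change_password(self, new_password):
        """Record new_password and return True, or return False if rejected."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, self._hash(new_password, salt)))
        return True

    def stored_material(self):
        """What an administrator (or a thief) would find: salts and digests."""
        return list(self._entries)


def demo():
    # Constructed sample passwords, for illustration only.
    history = PasswordHistory()
    return {
        "first_set": history.change_password("Summer2002!"),
        "exact_reuse": history.change_password("Summer2002!"),
        "near_variant": history.change_password("Summer2003!"),
        "stored": history.stored_material(),
    }


if __name__ == "__main__":
    print({k: v for k, v in demo().items() if k != "stored"})
```

The near-variant is accepted because hashes of similar passwords share nothing that can be compared, which is why a history policy does not replace teaching users to pick good current passwords.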


