Preventing XP from Storing an LM Hash of your Password in the SAM Database
As you probably already know, Windows saves your user password in something called the SAM Database. It can store it using 2 different password presentations, or "hashes": The Lan Manager hash (LM hash) and the Windows NT Hash (NT hash). NT Hashes are considered to be pretty secure, but unfortunately, LM ones are not and are prone to brute force attacks.
There are 2 ways you can force XP to store your password using the NT hash presentation, and here they are:
1-Use a password that is longer then 14 characters
This is by far the simplest technique. Just use a password that is longer then 14 characters. If you do this, Windows will store a meaningless LM Hash value in the SAM database and use an NT Hash to represent your password instead.
2-Add up the NoLMHash value to the registry
This registry hack will force windows XP to store your password using the NT Hash presentation.
(Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft or I cannot guarantee that these problems can be solved. Modify the registry at your own risk.)
- Start, run, type regedit, click OK
- Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Under the Lsa key, create a DWORD Value named NoLMHash, and assign a value of 1 to it (as shown in the screenshot below)
- Restart your computer, and change your password.
Voilà, you are done. You might want to test the strenght of your password via a brute force attack before and after having done the procedure. This guide will show you how to do this.
Other [Geeks Are Sexy] technology articles