Non mi è chiaro in che modo Windows Server 2008 R8 memorizza le password dell'account locale. C'è del sale aggiunto o solo l'hash NT è calcolato e memorizzato?
Il seguente articolo descrive tutti i metodi utilizzati da Windows 2008 (anche Windows 2008 R2). link Non sono sicuro di aver capito correttamente che non c'è sale?
The SAM database is stored as a file on the local hard disk drive, and it is the authoritative credential store for local accounts on each Windows computer. This database contains all the credentials that are local to that specific computer, including the built-in local Administrator account and any other local accounts for that computer. The SAM database stores information on each account, including the user name and the NT password hash. By default, the SAM database does not store LM hashes on current versions of Windows. No password is ever stored in a SAM database—only the password hashes. The NT password hash is an unsalted MD4 hash of the account’s password. This means that if two accounts use an identical password, they will also have an identical NT password hash.
In breve, MD4 non salato.