27.5.09

Where is the password stored?

Windows does not store the local account password itself; it stores a 128-bit hash value of the password, also known as a digital "fingerprint". A hash is a one-way math function that accepts a string as input, in our case a password, and produces a value as output, the hash value. A hash function has some properties:
1) from a hash value it is computationally hard, we assume impossible, to retrieve the input string
2) two different input strings will most certainly, we assume certainly, produce two different hash values

Windows stores the hash values in the SAM file located in C:\WINDOWS\system32\config\SAM. This file is encrypted and locked by Windows, so, AFAIK, it is already protected as well as it can be.

The same file is also located in C:\Windows\Repair for backup purposes. That copy is not locked, but access to it is protected via an ACL; this can be a problem if someone or some program runs with administrative privileges.

Whenever our password is required the logon box appears and we type in the password. The box applies the hash function to it and forwards the hash to the security subsystem, which reads the hash for that user in the SAM and compares the two values. If they match, we are authenticated.

What are the risks we should be aware of?
1) AFAIK the only way to obtain a password from a hash value is to use brute force. That is, take a huge password dictionary and apply the hash function to every password in it; if the resulting hash value matches the stored hash value, then you have the password.
2) How can the hash value be obtained? - grab the SAM file and decrypt it, which means having access to the machine. Note that once a machine is physically accessible, any security system is in vain.
