Before OSR2, Windows PWL (cached password database) files reused the
same RC4 stream for known plaintext and the cached passwords.  Someone
exploited this and published code.  Apparently, MS has fixed the
problem.  PWL files under '95/OSR2 and '98 are protected with a single
RC4 stream whose 128-bit key is derived from 9 rounds of MD5 applied to
a password (which is, unfortunately, converted to uppercase).  At 70
possibilities per character, or a little over 6 bits, and 14 characters
long, that's a total keyspace of just under 86 bits.

Resources and passwords don't have to conform to anything; they're
arbitrary binary strings.
-- 
Mike Stay
Programmer / Crypto guy
AccessData Corp.
mailto:[EMAIL PROTECTED]
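
The keystream-reuse weakness and the keyspace estimate from the message above, as an added example (not part of the original post, and not the published code it mentions). The key, field contents and two-field layout are constructed for illustration and are not the real PWL record format.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    # Standard RC4: key scheduling (KSA) followed by output generation (PRGA).
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample data (assumptions, not values from a real PWL file).
KEY = bytes(range(16))            # stand-in for the 128-bit derived key
KNOWN = b"CONSTRUCTED-USERNAME"   # field whose plaintext is predictable
SECRET = b"cached-resource-pw"    # field that is meant to stay secret

def encrypt_reusing_stream():
    # Flawed pattern: both fields are XORed with the stream from offset 0.
    ks = rc4_keystream(KEY, max(len(KNOWN), len(SECRET)))
    return xor(KNOWN, ks), xor(SECRET, ks)

def recover_without_key(c_known: bytes, c_secret: bytes, known: bytes) -> bytes:
    # c_known XOR known yields the keystream, which decrypts the other field.
    return xor(c_secret, xor(c_known, known))

def encrypt_single_stream():
    # Corrected pattern: one continuous stream, no keystream byte used twice.
    ks = rc4_keystream(KEY, len(KNOWN) + len(SECRET))
    return xor(KNOWN, ks[:len(KNOWN)]), xor(SECRET, ks[len(KNOWN):])

def keyspace_bits(alphabet: int, length: int) -> float:
    # Bits of entropy for `length` characters drawn from `alphabet` symbols.
    return length * math.log2(alphabet)
```

With the reused stream the secret field falls out of a single XOR against the known field; with one continuous stream the same XOR yields only noise, which leaves the uppercased password as the remaining limit on strength.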
