AutoLogon Encryption System

  • Question

  • Hello,

    I'm really interested in the AutoLogon security utility and I would like to know which kind of encryption method is used to encrypt the password in the registry. I have tested AutoLogon and inside the registry key WinLogon I found the username and the default domain but nothing concerning the password.

    My question is then: what kind of encryption has been used for the password encryption?

    Thanks in advance for your answers
    Wednesday, November 29, 2017 3:03 AM

All replies

  • Older versions stored it in plain text.

    MSDN tells you how the encryption works:

    Note that if Winlogon cannot find a password stored by the LsaStorePrivateData function, it will use the DefaultPassword value of the Winlogon key (if it exists) for the automatic logon password.

    Wednesday, November 29, 2017 4:22 PM
  • Do you mean that it's stored in plain text in the LSA and it's the only encryption provided?
    Thursday, November 30, 2017 5:12 AM
  • MSDN: 
    The data stored by the LsaStorePrivateData function is not absolutely protected. However, the data is encrypted before being stored, and the key has a DACL that allows only the creator and administrators to read the data.
    Thursday, November 30, 2017 12:01 PM
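
An audit sketch for the behaviour quoted in this thread, added here as an example and not part of any post or of the Autologon tool: it classifies where the automatic logon password is kept, using only the Winlogon values, and never prints the password. The function name `Get-AutoLogonStorage` is hypothetical, the key path and `AutoAdminLogon` value are the standard Winlogon locations (assumed, not stated in the thread), and the sample inputs are constructed.

```powershell
# Added example. Classifies autologon password storage from Winlogon values only.
# Standard Winlogon key location (assumption: not spelled out in the thread).
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStorage {   # hypothetical helper name
    param(
        # Hashtable of Winlogon values; when omitted, the live registry key is read.
        [hashtable]$Values
    )
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $Values = @{}
        $key = Get-ItemProperty -Path $WinlogonPath
        foreach ($name in 'AutoAdminLogon', 'DefaultUserName', 'DefaultDomainName', 'DefaultPassword') {
            if ($null -ne $key.$name) { $Values[$name] = $key.$name }
        }
    }

    $enabled   = "$($Values['AutoAdminLogon'])" -eq '1'
    $plaintext = $Values.ContainsKey('DefaultPassword')

    # Per the quoted MSDN note, Winlogon falls back to DefaultPassword only when no
    # password stored by LsaStorePrivateData is found. So: autologon enabled with no
    # DefaultPassword value implies the password is held as LSA private data.
    $storage = if ($plaintext) {
        'PlaintextRegistryValue'        # readable by anyone who can read the key
    } elseif ($enabled) {
        'LsaPrivateData (inferred)'     # encrypted, DACL limits reads to creator/admins
    } else {
        'NotConfigured'
    }

    [pscustomobject]@{
        AutoAdminLogon = $enabled
        User           = ('{0}\{1}' -f $Values['DefaultDomainName'], $Values['DefaultUserName'])
        Storage        = $storage
        # Report only the length so the value never reaches logs or the console.
        PasswordLength = if ($plaintext) { "$($Values['DefaultPassword'])".Length } else { $null }
    }
}

# Constructed sample inputs (not taken from a real machine).
$samples = @(
    @{ AutoAdminLogon = '1'; DefaultUserName = 'kiosk'; DefaultDomainName = 'CONTOSO' },
    @{ AutoAdminLogon = '1'; DefaultUserName = 'kiosk'; DefaultDomainName = 'CONTOSO'; DefaultPassword = 'example-only' },
    @{ AutoAdminLogon = '0'; DefaultUserName = 'alice'; DefaultDomainName = 'CONTOSO' }
)
$samples | ForEach-Object { Get-AutoLogonStorage -Values $_ } | Format-Table -AutoSize
```

Calling `Get-AutoLogonStorage` with no arguments checks the local machine. The first sample matches what the question describes: username and domain present, no password value.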