什么是安全帐户经理?(the security accounts manager?)
安全帐户管理器是验证帐户密码的Windows®操作系统的一部分。该系统存储的密码使用哈希算法进行编码。由于散列只在一个方向上编码,因此如果未经授权的用户发现密码,则密码相对安全。安全帐户管理器内置于系统注册表中,其文件由内核直接监控,因此很难篡改或更改相关信息。虽然该系统在最基本的攻击中是安全的,但由于一组特定的安全故障,它受到了一些批评。
安全帐户管理器的主要功能是保留用于登录Windows®帐户的密码。这个系统只保存那些密码;其他系统密码保存在不相关的区域。操作系统使用管理器验证输入的密码是否正确。
当用户创建帐户密码时,系统通过哈希算法发送该密码。此过程将密码转换为数字,然后通过等式运行这些数字。等式的输出是一个与原始密码不相似的数字字符串。Windows将完全删除原始密码的任何痕迹,只留下数字。
当用户输入密码时,该过程会重复。安全帐户管理器包含最终的数字字符串,这些数字与转换后的密码进行比较。如果号码匹配,用户可以登录;如果没有,系统将返回无效密码错误。
安全帐户管理器的安全性已尽可能地严格。管理系统的进程直接构建到操作系统的注册表中。这对于大多数固有系统来说都很常见,但它确实使篡改它们变得更加困难。真正的安全性来自系统的内核。一旦激活,内核就会接管securityaccountsmanager文件,并在运行期间一直保存这些文件。这使得移动或复制文件极其困难。
系统不是万无一失的,有很多方法可以愚弄内核放弃文件。最常见的方法包括将Windows®安装安装安装到虚拟系统上。内核在仿真过程中更容易控制,并且可以复制文件。也可能导致计算机错误,通常称为蓝屏,将活动内存转储到文件中。此转储包含来自安全帐户管理器的信息。
- 发表于 2021-12-15 12:43
- 阅读 ( 148 )
- 分类:互联网
你可能感兴趣的文章
雅虎!我们丢失了你的数据!两年前。。。
..."A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sp***ored actor. We are working closely with law enforcement authorities and notifying potentially affected users of ways they can fur...
布拉泽斯色情网站泄密:为什么大家都应该担心
...the "vBulletin" software, and not Brazzers itself. That being said, users' accounts were shared between Brazzers and the "Brazzersforum" which was created for user convenience. That resulted in a **all portion of our user accounts being exposed and we took corrective measures in the days following t...
使用多个google帐户时,如何设置默认帐户?
...想要的帐户是默认帐户。 Dear How-To Geek, I have multiple Google accounts. I have my personal account, I have a Google-managed work account, and my college recently switched to a Google-managed system. Up until a few weeks ago, whenever I loaded a general Google tool like Gmail or Google C...
heartbleed解释:为什么你现在需要更改密码
...ember stronger passwords by turning them into passphrases. For your Amazon account, for example, you could create the easily remember passphrase “I love to read books” and then crunch that into a password like “!luv2ReadBkz”. It’s easy to remember and it’s fairly strong. 第三,只...
为什么谷歌说mozilla thunderbird不那么安全?
...a Thunderbird. Google then offers an all-or-nothing secure vs. non secure account switch (“Allow less secure apps”). Why does Google say Thunderbird does not support the latest security standards? Is Google trying to say that standard protocols like IMAP, SMTP and POP3 are less secure ways to a...
如何运行last-pass安全审核(以及为什么它不能等待)
...recovery”, “verify”, “password”, “username”, “login”, “account” and combinati*** there of like “reset password” or “verify account”. Again, we know this is a hassle, but once you’ve done this with a password manager at your side, you have a master list of all your acc...
最好的免费程序和在线服务发送和共享大文件
... recipient). You can use the site for free without registering. The free account allows you to send files that are as big as 100MB, whereas most email systems max out at 10MB to 25MB. Files are kept for five days with the free account. Premium, paid accounts are available if you want the benefit...
保持帐户安全的最佳密码提示
...to store in your chosen tool, for use with all your important websites and accounts. The following articles discuss ways to generate secure passwords. You can also use LastPass and KeePass to generate secure passwords, as discussed in some of the articles listed above. 注意:我们有一些更有...
linkedin确认会员密码已被泄露
...rm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts: 1. Members that have accounts associated with the compromised passwords will noti...
microsoft修补了skype帐户遭受攻击的漏洞(更新)
...eature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly...
0 篇文章
