The Straight Dope on cracking Windows cached domain credentials

A bigger concern would be the cached local credentials. If I can assume an attacker might gain admin access to a local PC that’s a domain member but not to the server, then I’d be more worried about what he can learn from stored cached domain credentials.

(Of course, he could use the hash by itself, via hash injection, but besides that…)

I agree. Particularly for laptops that travel. I actually have a soft spot for well-implemented hardware disk encryption (preferably two-factor), but software disk encryption can be good, too. It is just a shame that TrueCrypt does not do multi-user authentication. However, it would not be such a problem if Microsoft broke with NTLM and modified the stored hash format to include salt.

Si