Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Does Win 7 encrypt network passwords?


  • Please log in to reply
11 replies to this topic

#1
Messerschmitt

Messerschmitt

    Advanced Member

  • Member
  • PipPipPip
  • 336 posts
Hey, really would like to know.

I just bought a NAS, and I would like to know if I log-in through Network, would the username and pass my NAS requires for the specific username, be encrypted?

I'm basically using Wireless to connect to my router, hence why I wouldn't want someone with packet sniffer get my NAS user and pass.

Thanks
Bambi board: http://bambi.myftp.org
-a fan board for the Bambi masterpiece


How to remove advertisement from MSFN

#2
nitroshift

nitroshift

    Beware of programmers with screwdrivers!

  • Super Moderator
  • 2,904 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag
http://windows.micro...ireless-network As long as you set up your network with WPA2 encryption, you don't have to worry about someone else sniffing your key. Do NOT EVER set up the network with WEP encryption, it can be broken in a matter of seconds (done it myself as a test on my own network).



nitroshift

Please read the rules, folks!


#3
Messerschmitt

Messerschmitt

    Advanced Member

  • Member
  • PipPipPip
  • 336 posts
Yea, my wireless is WPA2 encryption. But was just wondering if user and pass transmission from Win 7 to target via network is encrypted, or if it's plain. Or if it's done via wireless, it uses the WPA2 encryption? I have the WPA2 encryption in my router settings for wireless.
Bambi board: http://bambi.myftp.org
-a fan board for the Bambi masterpiece

#4
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • OS:none specified
  • Country: Country Flag

I'm basically using Wireless to connect to my router, hence why I wouldn't want someone with packet sniffer get my NAS user and pass.

You're obviously talking about encryption in the air, and the answer must be YES because WPA2 would be effectively useless otherwise. I'm pretty sure that all protocols are encrypted so that simply sniffing and reassembling the packets is only the easy part. After that you would need to decrypt and I believe WPA2 is very secure, while the others like WEP are not. But to be absolutely sure just google around for something like "WPA2 passphrase packets" and you should find the answer in glorious detail.

BUT ... The weak link is not what travels through the air. The weak link in the currently secure WPA2 chain is the on the PC itself, because even on Windows 7 the passphrase is of course stored for automatic login ( i.e., so you don't need to type in the passphrase every time you use a Wi-Fi network ). This stored passphrase can easily be pulled out of the computer with any number of utilities ( I'd rather not name any ). So as has always been the case, if someone has physical access to a laptop, that person can be considered to have full access to all passphrases to all Wi-Fi networks currently stored.

It is okay to ponder the over-the-air security, but it is meaningless if someone has a few minutes alone with your laptop or other device when your back is turned.

EDIT: had to change that suggested search term from "WPA2 packet passphrase" to "WPA2 passphrase packets" because as fate would have it, the former case successfully won the Google game resulting in a single hit, and that hit was this very page. Seriously!

Edited by CharlotteTheHarlot, 06 February 2013 - 02:02 AM.

... Let him who hath understanding reckon the Number Of The Beast ...


#5
Messerschmitt

Messerschmitt

    Advanced Member

  • Member
  • PipPipPip
  • 336 posts
Thanks for the input. Fortunately, nobody has access to my physical machines. But I do live in a complex, so neighbors were on my mind.

So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?
Bambi board: http://bambi.myftp.org
-a fan board for the Bambi masterpiece

#6
nitroshift

nitroshift

    Beware of programmers with screwdrivers!

  • Super Moderator
  • 2,904 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

[...]
So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?



Yes.


nitroshift

Please read the rules, folks!


#7
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • OS:none specified
  • Country: Country Flag

So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?

Typo? :yes: WPA2 with AES cipher is current best practice. The last thing you want tis anything to do with those three letters: WEP.

... Let him who hath understanding reckon the Number Of The Beast ...


#8
Messerschmitt

Messerschmitt

    Advanced Member

  • Member
  • PipPipPip
  • 336 posts

Yes.


nitroshift


Thanks

So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?

Typo? :yes: WPA2 with AES cipher is current best practice. The last thing you want tis anything to do with those three letters: WEP.


Yes typo.

I have WPA2 Pre-Shared.

My WRT54GL does not have an AES option for wireless security.

Edited by Messerschmitt, 07 February 2013 - 12:02 PM.

Bambi board: http://bambi.myftp.org
-a fan board for the Bambi masterpiece

#9
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • OS:none specified
  • Country: Country Flag

My WRT54GL does not have an AES option for wireless security.

You have this one? I am almost positive that one has WPA2. Check your firmware against the downloads available Linksys site. Also, note that their are several 3rd party firmware that can replace it.

The point being, if you have client devices capable of strong security, you really should get a router to allow that scenario. Fortunately in your case I believe getting a new router is a simple matter of firmware update. If you happen to have an unusual hardware model without upgrade possibilities, you can always just get another router. Anyway, that is off this topic I guess, but always a good rule of thumb: never setup a network using security for the lowest common denominator if it can be avoided.

... Let him who hath understanding reckon the Number Of The Beast ...


#10
Messerschmitt

Messerschmitt

    Advanced Member

  • Member
  • PipPipPip
  • 336 posts
Yep, I got the WRT54GL. Actually just ordered today a E1000 too.

I run DD-WRT v23 on my 54GL (quite old I know). Once I get the E1000, I'l keep the 54GL as a backup, and install the latest (and only apparently) DD-WRT firmware on the E1000

And yes, my bad, under WPA Algorithm I do have the AES option (option TKIP or TKIP+AES). Security mode is WPA2 Pre-Shared Key Only (other option WPA2 Pre-Shared Key Mixed, or RADIUS Only/Mixed)
Bambi board: http://bambi.myftp.org
-a fan board for the Bambi masterpiece

#11
nitroshift

nitroshift

    Beware of programmers with screwdrivers!

  • Super Moderator
  • 2,904 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag
I have a TP-Link TL-WR1043ND running DD-WRT. Wireless secured with WPA2 Personal using TKIP+AES. No worries.


nitroshift

Please read the rules, folks!


#12
cluberti

cluberti

    Gustatus similis pullus

  • Supervisor
  • 11,252 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag
Also, be aware that even if someone were to hack your network (anything's possible), all NTLM auth over SMB is hashed and encrypted (assuming you're not using Kerberos, which is slightly different - most NAS devices use NTLM). It's also not uncrackable, but it is another layer of security. Obviously NTLMv2 with SMB signing is more secure than without, or NTLMv1, but some is better than none.
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
--------------------
Please read the rules before posting!
Please consider donating to MSFN to keep it up and running!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN