FAQ for strongpass.dll
<HTML>
<HEAD>
<TITLE>the strongpass FAQ</TITLE>
</HEAD>
<BODY BGCOLOR="BLACK" TEXT="#FFDFBF" LINK="#C08010" VLINK="#C08010" ALINK="WHITE">
<FONT FACE="arial" SIZE="3">
<B>- the strongpass FAQ -</B>
</FONT>
<FONT FACE="arial" SIZE="2">
<BR><BR>
<I><FONT COLOR="#C08010">Q: </FONT>That file of yours may catch my password and send it over the Internet to you, right?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>That's right, it could. All I can do is promise that I haven't included any code like that. Also, a good idea on your part would be to download it and then look through the import table to see if there are any suspicious imports.
</BLOCKQUOTE>
<I><FONT COLOR="#C08010">Q: </FONT>Ok, but how do I install the DLL then?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>Copy it into %SystemRoot%\system32 (often c:\winnt\system32). Then go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and add "strongpass" (without the quotes) to the value Notification Packages. Make sure that "passfilt" is also in place there, because strongpass.dll only complements it.
</BLOCKQUOTE>
<I><FONT COLOR="#C08010">Q: </FONT>What extra password policies does strongpass enforce?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>The passwords must be at least 7 characters long, and if they are exactly 7 characters these must be picked from the three groups a-z/A-Z, 0-9, and special characters (other than the alphanumeric). If the password is longer than 7 characters but shorter than 14, the same rule applies to the first 7 characters. If the password is exactly 14 characters, the rule applies to either the first 7 or the last 7 characters (any group matching the rule will do). This policy will make it harder for a cracking program like L0phtcrack to crack the LANMAN hashes generated from the passwords.
</BLOCKQUOTE>
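<BLOCKQUOTE>
The length and character-group rules above, written out as a C function. This is an added example, not code from strongpass.dll or its author: the names sp_check, half_is_mixed and the result codes are hypothetical, and it assumes that "picked from the three groups" means each checked 7-character half holds at least one character from every group. The FAQ gives no rule for passwords longer than 14 characters, so the example reports those separately.

```c
#include <stdio.h>
#include <string.h>

/* Result codes are names chosen for this example, not taken from strongpass.dll. */
enum sp_result { SP_OK, SP_TOO_SHORT, SP_WEAK_HALF, SP_UNSPECIFIED };

/* Assumption: a 7-character half passes when it contains at least one letter,
   one digit and one other (special) character. Upper and lower case share one
   group: LANMAN uppercases the password before hashing, so case adds nothing. */
static int half_is_mixed(const char *p)
{
    int letter = 0, digit = 0, special = 0;
    for (int i = 0; i < 7; i++) {
        unsigned char c = (unsigned char)p[i];
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) letter = 1;
        else if (c >= '0' && c <= '9') digit = 1;
        else special = 1;
    }
    return letter && digit && special;
}

enum sp_result sp_check(const char *pw)
{
    size_t n = strlen(pw);
    if (n < 7)  return SP_TOO_SHORT;
    if (n > 14) return SP_UNSPECIFIED;   /* the FAQ gives no rule past 14 */
    /* LANMAN hashes characters 1-7 and 8-14 as two independent halves, which
       is why the FAQ states its rule per 7-character half. */
    if (half_is_mixed(pw)) return SP_OK;
    /* Exactly 14 characters: either full half may satisfy the rule. */
    if (n == 14 && half_is_mixed(pw + 7)) return SP_OK;
    return SP_WEAK_HALF;
}

int main(void)
{
    /* Constructed sample passwords, for illustration only. */
    const char *samples[] = { "ab1!", "abcdefg", "abc12!x", "abcdefg1!",
                              "ab1!cdefgh", "abcdefgh1!jklm", "abcdefgh1!jklmn" };
    static const char *names[] = { "ok", "too short", "weak half", "unspecified" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-16s %s\n", samples[i], names[sp_check(samples[i])]);
    return 0;
}
```

Note that "abcdefg1!" is rejected even though it contains a digit and a special character, because for lengths 8 to 13 only the first 7 characters are examined.
</BLOCKQUOTE>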
<I><FONT COLOR="#C08010">Q: </FONT>That's all fine, but I have a whole domain with NT systems. Do I have to put strongpass in every one of them?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>No, strongpass (and passfilt) should be on those systems which have the accounts in their SAM databases. If you only want the policy to be enforced on domain accounts, you should add the DLLs to the PDC and BDCs.
</BLOCKQUOTE>
<I><FONT COLOR="#C08010">Q: </FONT>We're dealing with plaintext passwords here, have you been careful enough when writing this thing?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>I sure hope so. I've taken all precautions I know of, but I'm not at all perfect. If you find a bug or anything suspicious, please send a mail to winnt@bahnhof.se and tell me about it.
</BLOCKQUOTE>
<I><FONT COLOR="#C08010">Q: </FONT>Can strongpass lock me out of my system?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>Logically it shouldn't be able to, because it is only invoked when you change passwords. However, it resides inside the LSA process and if it starts overwriting stuff there, you could have a problem. The DLL won't be invoked before you try to change a password for the first time since the system has booted. Say that something goes wrong then, and the LSA process is damaged in some way. That process will remain in memory when you log out of the system and back in again - so, you may be locked out temporarily. But when rebooting the system the LSA process will be created from scratch in memory and you will be able to log on again.
</BLOCKQUOTE>
<I><FONT COLOR="#C08010">Q: </FONT>I can't delete the strongpass.dll, why is that?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>That is because strongpass.dll (and also passfilt.dll) is constantly loaded by the LSA process. You can't delete a file that is in use, so just remove strongpass from the registry, reboot your system to release the file and you will be able to delete it.
</BLOCKQUOTE>
<I><FONT COLOR="#C08010">Q: </FONT>I have a question that is not covered by this FAQ. Where can I get help?</I>
<BLOCKQUOTE>
<FONT COLOR="#C08010">A: </FONT>Send a mail to winnt@bahnhof.se with your question. I can't promise that I will have time to answer, but I'll do my best.
</BLOCKQUOTE>
</FONT>
<FONT FACE="arial" SIZE="2">
<BR><BR>
<HR WIDTH="50%" ALIGN="CENTER" SIZE="1">
<CENTER><A HREF="http://www.bahnhof.se/~winnt/">[Home]</A> <A HREF="http://www.bahnhof.se/~winnt/advisories/index.html">[Security Advisories]</A> <A HREF="http://www.bahnhof.se/~winnt/toolbox/index.html">[The Toolbox]</A> <A HREF="http://www.bahnhof.se/~winnt/trashcan/index.html">[The Trashcan]</A></CENTER>
<P ALIGN=RIGHT>
<FONT FACE="arial" SIZE="1">
© 1999, Arne Vidström
</FONT>
</P></FONT>
</BODY>
</HTML>