Currently on my stage of learning about MS Windows security and authentication procedures.And have one question that I can't find answer to.
There are Local Security Authority (LSA) and Security Account Manager(SAM) responsible for authentication process.
Lsa is responsible for validating user for logon and SAM holds users password in a one-way hashed value.
This value can not be reversed back to the plain text password. That basically means that when you try to login, hash is generated upon your password and then compared against hash in the SAM.
But I cannot find this hash algorithm that is used for hashing user password before comparison procedure.
Logically there should be some place for storing this hash algorithm,
because this hash should always be the same for particular user at least.
Could that be in lsass.exe itself?