Date: Fri, 19 Feb 1999 17:04:37 -0800
From: Ash <ash@DRAGONPAW.ORG>
To: BUGTRAQ@netspace.org
Subject: Regarding passwords in registry keys.

Considering the various threads running around about programs storing
passwords temporarily in Windows registry entries I thought I would point
out that registry keys are never deleted. The registry marks the key as
'unused' and leaves it in place, the entry never replaced or its space
reclaimed. This is why the registry files are always growing.

If you look in the O'Riely "Windows Annoyances" book you will find the
procedures for exporting the registry to text the creating a new one from
that exported file. Requires rebooting into dos and such, very messy. Last
time I did this I saved about a meg.

So, all those 'temporary' keys that hold these juicy bits are in fact left
behind in the registry data files themselves for anyone with a hex editor
to find. Could make for interesting mining I think.

--
Ash <ash@dragonpaw.org>

"Love is a Journey, One Heart At a Time."