Computer Hacking Forensic Investigator (CHFI) Practice Exam 2025 - Free CHFI Practice Questions and Comprehensive Study Guide

Question: 1 / 400

What storage format does Windows Security Accounts Manager (SAM) use for passwords?

Plain text

Encrypted format

Hashed format

Windows Security Accounts Manager (SAM) uses a hashed format to store passwords. When a password is created, it undergoes a transformation process where it is run through a cryptographic hashing algorithm. This process converts the original password into a fixed-length string of characters that appears random. Importantly, this means that the actual password is not stored anywhere in the SAM; instead, only the resulting hash is saved.

Using a hashing algorithm provides a level of security because even if someone gains access to the SAM file, they would find only hashed values instead of readable passwords. To validate a password during the login process, the system hashes the password entered by the user and compares the result against the stored hash. If they match, access is granted.

The use of encryption or plain text storage would present significant security risks. Encryption, while it secures data, allows for potential decryption if the encryption keys are compromised. Plain text storage provides no security at all, making it trivial for an attacker to view and misuse passwords. Thus, the hashed format utilized by the SAM strikes an essential balance between usability and security for password management.

Binary format
