I did not want to bet on one horse so I started another project too. When Hubert does not lock his PC I can install a program which can capture the password. I started to write my own GINA (Graphical Identification aNd Authentication). This dll is loaded by WinLogon.exe and does provide some extra means to authenticate to windows. When pressing Ctr-Alt-Del you can capture the password and store it 🙂
I will first make an implementation which only stores the password inside a logfile on the system itselves. This would mean that Hubert has to forget to lock his PC 2 times. It would be better if the password is sent to another PC (mine), which means that I only need access to his PC only once.
GINA, phase 1