Totally guessing here from the Dr. J password literature I've read...but wouldn't it depend on the auth method involved as to the traffic size? Since NTLMv2 is MS specific... you might have to fire up the sniff tools on that one.

Chapter 11 in the Riley/Johansson book on passwords

LMhash ... password is padded to 14 characters
lowercase converted to uppercase
split into 7 byte chunks, chunk generates 8 byte odd parity DES key
each 8 byte key used in DES encryption of fixed string
two cipher texts are concatenated and stored

NTLMv2 you are sending challenges back and forth across the wire

Auth req
Server challenge
ntlm2 response
auth result


The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3:
http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint091004.mspx
The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3:
http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint100504.mspx
The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3 -- TechNet Column - Security Management - December 2004:
http://www.microsoft.com/technet/community/columns/secmgmt/sm1204.mspx


Rich Milburn wrote:

Does anyone happen to know a rough idea how many bytes are transmitted when a single user logs on to an XP box to a W2K3 AD, assuming cached credentials aside? I’ve been goog searching and finding a lot of detailed info about replication but not much about the size of the authentication packets etc. I am digging out net monitor as I type (well almost as I type) to see for myself, but anyone who would like to comment on the feasibility of having XP machines on the far end of a 56K frame circuit actually being members of the domain, please feel free to let me know. We’re talking simple logging in, including a single GPO or maybe two – but no replication, etc. They do already get their email using Outlook to a pst.

And please don’t laugh. This is a very serious issue. ;-)

Rich

Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819

"I am always doing that which I can not do, in order that I may learn how to do it." - Pablo Picasso



--
Letting your vendors set your risk analysis these days? http://www.threatcode.com
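
The LM hash steps listed in the reply above, up to the point where DES is applied, as an added example that is not part of the original messages or of the Riley/Johansson book. The function names are hypothetical, ASCII-only input and NUL padding bytes are assumptions, and the DES encryption of the fixed string is left out; what remains shows why the stored value is case-insensitive and why each 7-character half stands alone.

```python
"""LM hash key derivation: pad, uppercase, split, expand to odd-parity DES keys."""


def expand_des_key(chunk7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes (7 bits each) and set each low bit for odd parity."""
    if len(chunk7) != 7:
        raise ValueError("LM key chunks are exactly 7 bytes")
    bits = int.from_bytes(chunk7, "big")
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F   # next 7 key bits, most significant first
        byte = seven << 1                       # key bits occupy the upper 7 bits
        if bin(byte).count("1") % 2 == 0:       # parity bit makes the count of 1s odd
            byte |= 1
        key.append(byte)
    return bytes(key)


def lm_des_keys(password: str) -> tuple:
    """Return the two 8-byte DES keys that the LM scheme derives from a password."""
    # Assumption: ASCII input only; the padding byte is assumed to be NUL.
    raw = password.upper().encode("ascii")
    if len(raw) > 14:
        raise ValueError("LM only covers 14 characters")
    raw = raw.ljust(14, b"\x00")
    return expand_des_key(raw[:7]), expand_des_key(raw[7:])


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("Password1", "PASSWORD1", "abc"):
        first, second = lm_des_keys(pw)
        print(f"{pw!r:12} {first.hex()} {second.hex()}")
```

Any password of seven characters or fewer yields the same second key, so the second half of the stored value is identical for all such passwords.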
