On Mon, Jul 08, 2002 at 10:40:19AM -0400, Devin Heitmueller wrote: > As it turns out, if there have not yet been any network logins to the NT > Server, you can disable the "NT Lan Manager Security Service Provider" > Service under the Services Control panel. Of course, if the service has > already started and you stop it, services.exe pulls a Dr. Watson. > > Once I disabled the service, all previously encrypted connections were > sent unencrypted.
Very cool! > I spent hours digging through the registry looking for a hidden key, and > all I had to do was set a service startup to 'disabled'. How > annoying... :-) The key would probably be something like the md4 hash of a user or administrator password, or some hash of this with the session key sent in the negprot reply. There's also the hmac-md4 encryption type described in the internet draft draft-brezak-win2k-krb-rc4-hmac-04.txt I don't think ethereal does any of these at the moment. Tim.
