The article that is worth looking at is:
How to Enable Strong Password Functionality in Windows NT
(Article ID: Q161990)
This covers the .dll included in SP2 that can enforce a *very severe*
strong password. However, if anybody out there has information on how to
write their own version of the .dll (API calls included within the .dll)
I would be very grateful.
Regards, Edward Petrie-Smith.
> -----Original Message-----
> From: Frank O'Dwyer [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, January 11, 1999 11:17 AM
> To: Jason Kushmaul
> Cc: [EMAIL PROTECTED]
> Subject: Re: l0pth crack question
>
> Jason Kushmaul wrote:
> >
> > Hello all,
> >
> > This is not a firewall question but still a security question.
> > And please excuse my lack of knowledge.
> >
> > Is there a fix for the l0pht crack for NT passwords?
> > Did any of the service packs take care of that problem or hasn't
> > anything been done about it yet?
>
> NT SP2 comes with a "strong password" filter which helps somewhat. As
> usual with NT security, it is not enabled by default and you need to
> turn it on. Search the MS Knowledge Base (keywords: "strong passwords")
> for details of how to do that. Additionally, look at your policy
> settings in User Manager and raise the minimum password length to 10 or
> better, and turn on password aging, etc. There is also a SYSKEY patch
> which makes it harder for tools such as l0phtcrack to access the SAM
> database--however that does not address the issue of sniffing
> "encrypted" passwords off the net. Note that Kerberos (as used in
> NT5/W2K) will also be vulnerable to a similar attack--so expect to see
> l0phtcrack clones for NT5 Kerberos in short order.
>
> We have also developed a password complexity plugin for NT domain
> controllers which will be in beta testing shortly. It implements more
> sophisticated complexity checks than NT SP2, is specifically designed to
> defend against tools such as l0phtcrack, and lets you configure
> different complexity requirements for different domain users and groups.
> If you would like to be a beta tester, let me know.
>
> Cheers,
> Frank O'Dwyer.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
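
The question above about writing a custom filter comes down to a complexity routine such as the following. This is an added example, not code from the thread, from the SP2 DLL or from the plugin Frank O'Dwyer mentions. The function name `password_acceptable`, the three-of-four character-class rule, the account-name check and the ASCII `char *` interface are assumptions; the minimum length of 10 follows the policy advice quoted above.

```c
/* Added example: portable core of a password complexity check.
 * Names and thresholds are assumptions, not the SP2 filter's code. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MIN_LENGTH  10  /* minimum length suggested in the thread */
#define MIN_CLASSES 3   /* assumed: 3 of upper/lower/digit/other */

/* Case-insensitive substring search; an empty needle never matches. */
static int contains_nocase(const char *hay, const char *needle)
{
    size_t n = strlen(needle), h = strlen(hay), i, j;

    if (n == 0 || n > h)
        return 0;
    for (i = 0; i + n <= h; i++) {
        for (j = 0; j < n; j++)
            if (tolower((unsigned char)hay[i + j]) !=
                tolower((unsigned char)needle[j]))
                break;
        if (j == n)
            return 1;
    }
    return 0;
}

/* Returns 1 to accept the proposed password, 0 to reject it. */
int password_acceptable(const char *account, const char *password)
{
    int upper = 0, lower = 0, digit = 0, other = 0;
    const unsigned char *p;

    if (password == NULL || strlen(password) < MIN_LENGTH)
        return 0;                       /* too short */
    if (account != NULL && contains_nocase(password, account))
        return 0;                       /* embeds the account name */
    for (p = (const unsigned char *)password; *p; p++) {
        if (isupper(*p))      upper = 1;
        else if (islower(*p)) lower = 1;
        else if (isdigit(*p)) digit = 1;
        else                  other = 1;
    }
    return upper + lower + digit + other >= MIN_CLASSES;
}
```

In a Windows password filter DLL, a routine like this would be called from the exported `PasswordFilter` function after converting its `UNICODE_STRING` arguments.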