This is true, and mostly irrelevant, because there are almost no
networks without Win9x on them, and NT can't be configured to use only
NTLM hashes without stopping access from Win9x. This is because MS
declines to release a patch to those OSs to use a reasonable
authentication method.

Adam

On Thu, Jun 10, 1999 at 03:29:53PM +1000, John Wiltshire wrote:
| > http://www.microsoft.com/security/downloads/ITSEC_NT4.0_Installation.EXE
| > "What the user does not see are internal workings, such as the
| > system-level encryption of their password so that it is never
| > passed over the wire in clear text."
| >
| > What they would see is the LanMan hash, the entire keyspace of which
| > can be brute forced on an UltraSparc in a few hours with l0pht Crack.
| > (see http://www.l0pht.com )
|
| FUD. NT can easily be configured to never send the LanMan hash. In fact,
| in the configuration we are talking about, you disable the "Server" and
| "Workstation" services anyway so no one can get an SMB connection or any
| hash at all from the machine.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume