Precisely why you should run Windows 2000 networks in native mode and use
Kerberos V5 as the preferred authentication method. The mixed mode operation
of this DC (In Windows 2000 there is no PDC or BDC .. all controllers are
equal peers). You cannot run a Windows 2000 domain in native mode until ALL
domain controllers are converted to Windows 2000. The clients will all have
to be able to do Kerberos authentication as well. The Windows 2000
Professional Workstation software uses Kerberos V5 in a Windows 2000 native
mode domain. As long as you are running Windows NT 4.0 servers as domain
controllers on Windows 2000 domains, you have to run in mixed mode. The
mixed mode operation of Windows 2000 domain has the same security weakness
of the NTLM authentication method.  If this were native mode Windows 2000
(I am assuming that it is not) the cracking attempt would have been much
less successful.

Lance
----- Original Message -----
From: "Carl Ma" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 20, 2000 12:00 PM
Subject: NT password encryption & name service


> Hello all,
>
> After running password cracking program on our W2000 PDC server, 98% passwords
> are cracked out, even some very complicated passwords like - X1#!h0a_.
>
> Is it attributable to the W2000 encryption method? I would like to persuade my boss
> using LDAP as name service. Appreciate any information & idea! I will summarize.
>
> Thanks & Merry Christmas!
>
> carl
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>

