[1243] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] WinNT security?

daemon@ATHENA.MIT.EDU (Twiggy)
Sat Oct 19 08:36:28 1996

Date: Fri, 18 Oct 1996 11:21:16 -0400
To: linux-security@tarsier.cv.nrao.edu
From: twiggy@accel.net (Twiggy)

>I just noticed that NT only send encrypted passwords over the net. This
>seems to be a good idea. I just wonder how secure there algorithms are.
>Does anyone know how it compares to ssh?

  you may want to look into NT's telnet and ftp services 
  before discussing any "robust encryption" they offer.
  NT's encryption of PWL files is also a serious issue. i
  have doubts any encryption found in any build of NT
  could compare to ssh in terms of integrity. this could 
  be quite compounded if Microsoft uses proprietary
  encryption standards (which they have implemented in
  NT's RAS, at least in 3.51) and doesn't provide any real
  information on them, which unfortunately seems likely.

[REW: Of course their encryption is weak. Otherwise they wouldn't be 
allowed to export it! Right?]

>This may be off-topic but does anyone know if there's a similar list for NT?

  send mail to majordomo@iss.net and include in the body:
 
  subscribe ntsecurity	<your address>

  twiggy
  twiggy@suicide.org
  http://www.suicide.org

home help back first fref pref prev next nref lref last post