[1243] in linux-security and linux-alert archive
Re: [linux-security] WinNT security?
daemon@ATHENA.MIT.EDU (Twiggy)
Sat Oct 19 08:36:28 1996
Date: Fri, 18 Oct 1996 11:21:16 -0400
To: linux-security@tarsier.cv.nrao.edu
From: twiggy@accel.net (Twiggy)
>I just noticed that NT only send encrypted passwords over the net. This
>seems to be a good idea. I just wonder how secure there algorithms are.
>Does anyone know how it compares to ssh?
you may want to look into NT's telnet and ftp services
before discussing any "robust encryption" they offer.
NT's encryption of PWL files is also a serious issue. i
have doubts any encryption found in any build of NT
could compare to ssh in terms of integrity. this could
be quite compounded if Microsoft uses proprietary
encryption standards (which they have implemented in
NT's RAS, at least in 3.51) and doesn't provide any real
information on them, which unfortunately seems likely.
[REW: Of course their encryption is weak. Otherwise they wouldn't be
allowed to export it! Right?]
>This may be off-topic but does anyone know if there's a similar list for NT?
send mail to majordomo@iss.net and include in the body:
subscribe ntsecurity <your address>
twiggy
twiggy@suicide.org
http://www.suicide.org