[5959] in cryptography@c2.net mail archive
Microsoft distributes strong crypto to the masses
daemon@ATHENA.MIT.EDU (staym@accessdata.com)
Wed Oct 20 14:23:26 1999
From: staym@accessdata.com
Message-ID: <380DFE1A.458D@accessdata.com>
Date: Wed, 20 Oct 1999 11:38:34 -0600
To: cryptography@c2.net
Cc: coderpunks@toad.com
Before OSR2, Windows PWL (cached password database) files reused the
same RC4 stream for known plaintext and the cached passwords. Someone
exploited this and published code. Apparently, MS has fixed the
problem. PWL files under '95/OSR2 and '98 are protected with a single
RC4 stream whose 128-bit key is derived from 9 rounds of MD5 applied to
a password (which is, unfortunately, converted to uppercase). At 70
possibilities per character, or a little over 6 bits, and 14 characters
long, that's a total keyspace of just under 86 bits.
Resources and passwords don't have to conform to anything; they're
arbitrary binary strings.
--
Mike Stay
Programmer / Crypto guy
AccessData Corp.
mailto:staym@accessdata.com
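
Added example, not part of the original message and not the published PWL code: a minimal Python sketch of why reusing one RC4 keystream for a known field and a secret field exposes the secret, next to a continuous-stream layout where the same XOR yields nothing, plus the keyspace arithmetic from the message. The key, field contents and function names are constructed for illustration; the sketch does not model the PWL file layout or the MD5 key derivation.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4 (key schedule, then output generation); n keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_restarting(key: bytes, field: bytes) -> bytes:
    """Flawed pattern: each field is encrypted from keystream offset 0."""
    return xor(field, rc4_keystream(key, len(field)))

def encrypt_continuous(key: bytes, fields: list) -> list:
    """Safer pattern: one stream, every field consumes fresh keystream bytes."""
    ks = rc4_keystream(key, sum(len(f) for f in fields))
    out, pos = [], 0
    for f in fields:
        out.append(xor(f, ks[pos:pos + len(f)]))
        pos += len(f)
    return out

def xor_out_known(c_known: bytes, known: bytes, c_secret: bytes) -> bytes:
    """(c_known XOR known) is keystream; it decrypts c_secret only if reused."""
    return xor(xor(c_known, known), c_secret)

def keyspace_bits(alphabet: int, length: int) -> float:
    """log2(alphabet ** length), e.g. 70 symbols over 14 characters."""
    return length * math.log2(alphabet)

# Constructed sample values, not taken from any real PWL file.
KEY = bytes(range(16))                # stand-in 128-bit key
KNOWN = b"CONSTRUCTED-USERNAME"       # field whose plaintext is known
SECRET = b"cached-secret"             # field that should stay confidential

if __name__ == "__main__":
    reused = xor_out_known(encrypt_restarting(KEY, KNOWN), KNOWN,
                           encrypt_restarting(KEY, SECRET))
    c_known, c_secret = encrypt_continuous(KEY, [KNOWN, SECRET])
    print("keystream reused   :", reused)
    print("continuous stream  :", xor_out_known(c_known, KNOWN, c_secret))
    print("70^14 keyspace bits:", round(keyspace_bits(70, 14), 2))
```
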