[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NT v. Win95 Passwords (was Re: Windows .PWL cracker implemented as a Word Basic virus)
On Sat, 9 Dec 1995, Dan Bailey wrote:
> On Fri, 8 Dec 1995 19:51:55 -0800 you wrote:
>
> >
> >Also, does NT use the same algorithm for saving network passwords?
> >
> No, but they're doing something that makes me very uncomfortable: As
> I read this, they're hashing the password and some other user
> information using MD4 then doing some proprietary permutations on
> that. Given their record with security, I'd rather they used straight
> MD4, rather than throwing in something that we can't analyze.
> Dan Bailey
>
> >From the Microsoft Knowledge Base article Q102716
That would be http://www.microsoft.com/kb/bussys/winnt/q102716.htm. Seems
reasonable to me. It's good enough for NT to get the guvment's imprimatur
for the guvment's own use.
Does anyone have any technical information on the problem referred to in
http://www.microsoft.com/KB/PEROPSYS/windows/Q131675.htm (below)? It says
"The password encryption method used by Windows NT is different from
the method used by Windows 95," and offers some curious workarounds.
Microsoft has not been very cooperative.
In other news (just to combine four subjects in one message), in our
meeting with Microsoft today on DHCP issues (that's in the gopher archive;
finger me), a Highly Placed Source said that Microsoft would release the
details on the new Win95 .PWL encryption Soon, and that a release
candidate is in internal beta testing now, but that there would be no
outside testing prior to the public release.
Q131675
SYMPTOMS
You may not be able to connect to a shared folder on a Windows 95 computer
from a Microsoft Windows NT workstation.
CAUSE
The password encryption method used by Windows NT is different from
the method used by Windows 95.
RESOLUTION
You may be able to work around this problem by using one of the following
methods:
- Use all uppercase or all lowercase characters in the Windows 95
shared folder password.
- Remove password protection from the shared folder.
- Use user-level access control instead of share-level access control.
STATUS
Microsoft is researching this problem and will post new information
here in the Microsoft Knowledge Base as it becomes available.