[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft weak encryption

To: [email protected] (Joel McNamara)
Subject: Re: Microsoft weak encryption
From: Adam Shostack <[email protected]>
Date: Wed, 29 Nov 1995 10:59:46 -0500 (EST)
Cc: [email protected]
In-Reply-To: <[email protected]> from "Joel McNamara" at Nov 29, 95 06:45:25 am
Sender: [email protected]

Joel McNamara wrote:

| Peter Gutmann has an interesting article in sci.crypt, demonstrating how
| weak Microsoft's encryption is with basic access control in Windows for
| Workgroups (I'm assuming Win95 uses the same algorithm).  Essentially, he
| shows how a 32-bit key is created to be passed to RC4 for encrypting .PWL
| files.  I think a t-shirt is definitely in order for this.

	While Peter did a nice job of showing how Windows stores
passwords, my understanding is that those passwords are decrypted by
Windows, and sent over the net in the clear.  Seems much easier to
snarf them there..

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

References:
- Microsoft weak encryption
  - From: Joel McNamara <[email protected]>

Prev by Date: Re: The future will be easy to use
Next by Date: Re: The future will be easy to use
Prev by thread: Microsoft weak encryption
Next by thread: Re: Microsoft weak encryption
Index(es):
- Date
- Thread