[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft weak encryption

Joel McNamara wrote:

> Peter Gutmann has an interesting article in sci.crypt, demonstrating how
> weak Microsoft's encryption is with basic access control in Windows for
> Workgroups (I'm assuming Win95 uses the same algorithm).  Essentially, he
> shows how a 32-bit key is created to be passed to RC4 for encrypting .PWL
> files.  I think a t-shirt is definitely in order for this.

Further information on the method used by Windows NT (a challenge-response
mechanism) can be found on the MSDN CD, or on the MS ftp site:
PSS ID Number: Q102716.  I'll mail the article to anyone that wants to see
it (~11k).

- Andy