David Jablon (dpj@world.std.com)
Sat, 29 Aug 1998 19:47:11 -0400

How password-based login currently works in Win9x/NT and
how it can work better are two distinct questions.
The PPTP article partially discusses the weakness of the
currently deployed methods. But it doesn't discuss the
stronger alternatives, like password-authenticated Diffie-Hellman.
These are described at <http://world.std.com/~dpj/>.

>At 04:02 PM 8/27/98 +0100, James Black <black@eng.usf.edu> wrote:
>> I have been asked to look into how login can work on Win95, Win98,
>>NT4.0. My question is on the password on Win98 and perhaps NT4.0. I was
>>told that the password is encrypted, and I was wondering if there is a way
>>for it to be decrypted.
>>
>> If there is a good place or book for reference on this that would be
>>helpful also.

At 09:32 AM 8/28/98 +0100, Martin Grap <mgrap@concord-eracom.de> wrote:
>Have a look at
>
>http://www.counterpane.com/pptp-paper.html
>
>This paper describes some weaknesses in Microsoft's PPTP implementation.
>As far as I remember the authors also describe the various protocols
>used by Microsoft for client authentication. Another way of getting
>information could be the source code of the Samba server. It implements
>Microsoft's file and printer sharing on a Linux machine. I think it's
>GPL'ed and therefore the source should be freely available.

Studying WinXX is a lot like picking apart a WW-II rotor machine.
It's an interesting historical exercise, and somewhat useful
if you have to use the old machines. But challenge/response
hash methods don't illustrate the state-of-the-art, which
is what you want to investigate if you're building something new.

-------------------------
David P. Jablon
dpj@world.std.com
<http://world.std.com/~dpj/>
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:02