WANTED: Technical NT Security Info
- To: NTBUGTRAQ LISTSERV.NTBUGTRAQ.COM
- Subject: WANTED: Technical NT Security Info
- From: Luke Kenneth Casson Leighton <lkcl SWITCHBOARD.NET>
- Date: Tue, 20 Apr 1999 23:16:52 +0100
- Approved-By: Russ.Cooper RC.ON.CA
- Reply-To: Luke Kenneth Casson Leighton <lkcl SWITCHBOARD.NET>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ LISTSERV.NTBUGTRAQ.COM>

NT uses proprietary encryption mechanisms to protect passwords and to
authenticate users. There is no one source of information on these
schemes outside of Microsoft.

If anyone has any information on any of the following or any other
topics that they would like to see published as a White Paper, please
contact Luke K C Leighton <lkcliss.net>.

The paper will include as comprehensive a list of these mechanisms as
possible, and will include a review of their weaknesses and strengths.

Known, documented mechanisms
----------------------------

- LM 16 byte cleartext-equivalent password hashes.

- NT 16 byte cleartext-equivalent password hashes.

- SMB NTLM 8-byte random challenge / 24-byte LM and NT response.

- DCE/RPC NETLOGON pipe "Interactive" and "Netlogon" credential chain
  system. Uses Trust Accounts (Workstation, Inter-Domain and Server).
  NT 4.0 Service Pack 3 and below only.

Known, coded (but undocumented) mechanisms
------------------------------------------

- DCE/RPC encryption (sign and seal) NTLMSSP version 1, 40-bit only.

- DCE/RPC SAM database password updates (SamrSetInformationUser).

- DCE/RPC lsarpc secret info (LsaQuerySecretInfo).

Unknown, undocumented mechanisms
--------------------------------

- SMB NTLMv2 8-byte random challenge / NTLMv2 variable-length responses.
  added to NT 4.0 Service Pack 4 but not NT 5.0 beta 3 :-)

- DCE/RPC encryption (sign and seal) NTLMSSP version 1, 128-bit and
  "session key negotiation".

- DCE/RPC encryption (sign and seal) NTLMSSP version 2.
  added to NT 4.0 Service Pack 4 and above.

- DCE/RPC NETLOGON "Secured Channel".
  added to NT 4.0 Service Pack 4 and above.

- DCE/RPC PDC <-> BDC SAM database replication.

<a href="mailto:lkcl samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
=====================================================================
Luke Kenneth Casson Leighton       | Direct Dial   : (678) 443-6183
Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000
Internet Security Systems, Inc.    | ISS Fax       : (678) 443-6477

http://www.iss.net/ *Adaptive Network Security for the Enterprise*

ISS Connect - International User Conference - May '99
=====================================================================