|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Windows 2000 Password Encryption
Subject: Windows 2000 Password Encryption
From: Doug Welsby (dougwelsby
VIDEOTRON.CA)
Date: Thu Dec 30 1999 - 14:28:54 CST
- Next message: Phil Messenger: "Re: Windows 2000 Password Encryption"
- Next in thread: Phil Messenger: "Re: Windows 2000 Password Encryption"
- Reply: Phil Messenger: "Re: Windows 2000 Password Encryption"
- Reply: Maniac .: "Re: Windows 2000 Password Encryption"
- Reply: Joe Lefort: "Re: Windows 2000 Password Encryption"
- Reply: Liebig, Ed: "Re: Windows 2000 Password Encryption"
- Reply: Paul Leach: "Re: Windows 2000 Password Encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Please excuse some of the questions/lack of knowledge in this submission -
the information I am passing on is more in the form of a question or a
challenge to others to examine this situation.
Background - although I can't recall the details, I remember seeing a
posting to this list (or perhaps elsewhere) with regards to the level of
encryption on Windows NT (4.0 and below) passwords, and something regarding
the fact that the password was broken into 7 char pieces for encryption.
Someone had exploited this knowledge in some way. Again, sorry for the lack
of details.
Discovery - I've been beta testing Windows 2000 since RC1, and have noticed
a strange behaviour on the login screen when entering the password. This
has been seen in Windows 2000 Pro, up to and including build 2183. My
current password is greater than 7 chars, and when entering it at the login
screen (after pressing Ctrl-Alt-Del), after the seventh asterix appears,
there appears to be a slight delay before the 8th and further asterix's
appear. It's almost as if the first 7 chars are being hashed or encrypted
to compare to the stored password.
Any ideas if this might point to the same problem found in NT 4.0 and
whether or not this is indeed a problem?
Again, sorry for the lack of detail/knowledge, but I thought someone might
know something about this.
______________
Doug Welsby
BEng, MCSE, CBE
CamberTech
53 Rue Des Erables
Hull, Quebec, J8Y 6K7
Tel - 613.276.8441
Fax - 613.276.2456
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: Phil Messenger: "Re: Windows 2000 Password Encryption"
- Next in thread: Phil Messenger: "Re: Windows 2000 Password Encryption"
- Reply: Phil Messenger: "Re: Windows 2000 Password Encryption"
- Reply: Maniac .: "Re: Windows 2000 Password Encryption"
- Reply: Joe Lefort: "Re: Windows 2000 Password Encryption"
- Reply: Liebig, Ed: "Re: Windows 2000 Password Encryption"
- Reply: Paul Leach: "Re: Windows 2000 Password Encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Thu Dec 30 1999 - 14:43:49 CST