Basic question

From: Roman L. Daszczyszak II (romandas_at_gmail.com)
Date: 03/10/05

  • Next message: Miroslaw Slawek Chorazy: "Re: Question on IIS servers and reverse lookup"
    Date: Thu, 10 Mar 2005 14:56:52 -0600
    To: focus-ms@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Does anyone have a good reference on the differences between LanMan,
    NTLM, NTLMv2 and Kerberos? Also, is there any restriction on the length
    of a password used across a network/LAN for authentication? I'm aware
    in NT/2K/XP/2003 the max length of a password is 127 characters, but am
    curious if this is still true for network/domain authentication.

    Lastly, I have heard (and would like confirmation/denial) that
    authenticating to a domain-based machine from a machine outside the
    domain causes an otherwise normally encrypted password to be sent
    cleartext when authenticating with an IIS server. Can anyone point me
    to references about this?

    Thank you for any information y'all can provide.

    Roman
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.6 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFCMLSUszjStpsfjf8RAtNLAJsGmQv5p9B1bk7msxzK0zrDkpcSKgCgxEKl
    hoC2TjFp71dLF3Regw1c6qA=
    =vQB2
    -----END PGP SIGNATURE-----

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Miroslaw Slawek Chorazy: "Re: Question on IIS servers and reverse lookup"