Re: MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows"
From: Daniel Miessler (daniel_at_dmiessler.com)
Date: 10/30/05
- Previous message: Daniel Miessler: "Insecure Hash Algorithms (MD5) and NTLMv2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 Oct 2005 05:17:54 -0500 To: Thor (Hammer of God) <thor@hammerofgod.com>
On Sep 24, 2005, at 4:11 PM, Thor (Hammer of God) wrote:
> Rather than getting into how the basic client-server authentication
> netlogon protocols are vastly different than IPSec channels, please
> just answer one of the following questions. I'll try to make them
> very simple.
>
> Scenario: You've got an XP Pro laptop on the Windows network
> logged on with local credentials. A network resource on a Win2k
> server somewhere is accessed, requiring new credentials be entered
> to access the resource. Please tell us exactly how you force the
> client and server to use "IPSec based auth" to authenticate the
> request as opposed to LM, NTLM, or NTLMv2.
Here, let me try:
The issue here is simple: we're trying to authenticate to a Windows
system, and IPSEC "authentication" is used to authenticate IPSEC
peers, not Windows users. An analogy would be a situation in which
authentication is needed for both a secret road to get to work, and
then also to enter the building at work. The road authentication
doesn't necessarily work for the building. ;)
-- Daniel R. Miessler M: daniel@dmiessler.com W: http://dmiessler.com G: 0x316BC712
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Daniel Miessler: "Insecure Hash Algorithms (MD5) and NTLMv2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
