Re: Logon protocols
From: Keith W. McCammon (km_at_km.com)
Date: 06/13/03
- Next message: Steven L Umbach: "Re: permission problems"
- Previous message: Danny Sanders: "Re: Unable to add domain/user to be local admins"
- In reply to: Invisible: "Re: Logon protocols"
- Next in thread: Invisible: "Re: Logon protocols"
- Reply: Invisible: "Re: Logon protocols"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 13 Jun 2003 11:29:04 -0400
> So when a user tries to log in, the client sends their
> username and a hash of their password to the DC?
Using NT, yes. A hash would be generated by the client and sent to the *DC.
If there was a match, then the user was authenticated. Pretty standard
system.
> Is this suseptable to a replay attack?
In theory, yes (NT only), although you wouldn't really even need to go to
the trouble. You could sniff the hash off the wire, run it through
L0phtcrack, and then just log in as the user.
Kerberos, on the other hand, uses a significantly more secure scheme, the
details of which are available elsewhere, and are too complex to outline
here. Suffice it to say that it is a time/ticket-based system that would be
quite difficult to replay.
- Next message: Steven L Umbach: "Re: permission problems"
- Previous message: Danny Sanders: "Re: Unable to add domain/user to be local admins"
- In reply to: Invisible: "Re: Logon protocols"
- Next in thread: Invisible: "Re: Logon protocols"
- Reply: Invisible: "Re: Logon protocols"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
