Re: Logon protocols
From: Invisible (orphi69_at_hotmail.com)
Date: 06/18/03
- Next message: Gary: "Admin account password problems"
- Previous message: Invisible: "Re: Logon protocols"
- In reply to: Keith W. McCammon: "Re: Logon protocols"
- Next in thread: Keith W. McCammon: "Re: Logon protocols"
- Reply: Keith W. McCammon: "Re: Logon protocols"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Jun 2003 02:23:51 -0700
>> So when a user tries to log in, the client sends their
>> username and a hash of their password to the DC?
>
>Using NT, yes. A hash would be generated by the client
and sent to the *DC.
>If there was a match, then the user was authenticated.
Pretty standard
>system.
Right.
>> Is this suseptable to a replay attack?
>
>In theory, yes (NT only), although you wouldn't really
even need to go to
>the trouble. You could sniff the hash off the wire, run
it through
>L0phtcrack, and then just log in as the user.
Is it really that easy?
Just out of interest, do you happen to know what port(s)
all this happens on? I think I'm gonna go block them at
the firewall before someone deleted our Oracle database or
something...
>Kerberos, on the other hand, uses a significantly more
secure scheme, the
>details of which are available elsewhere, and are too
complex to outline
>here. Suffice it to say that it is a time/ticket-based
system that would be
>quite difficult to replay.
Would I be right in thinking it involves asymmetric
cryptography?
Thanks.
- Next message: Gary: "Admin account password problems"
- Previous message: Invisible: "Re: Logon protocols"
- In reply to: Keith W. McCammon: "Re: Logon protocols"
- Next in thread: Keith W. McCammon: "Re: Logon protocols"
- Reply: Keith W. McCammon: "Re: Logon protocols"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
