Password sync

Richard Sharpe sharpe at ns.aus.com
Wed Jul 19 23:59:32 GMT 2000


At 04:05 AM 7/20/00 +1000, Jeremy Allison wrote:
>Paul J Collins wrote:
>
>> NT's password format is neither insecure nor trivial.  It is a one-way
>> hash.  
>
>This is true, but the implementation is badly flawed.
>There is no salt - meaning if two users pick the same
>password it will be an identical hash.
>
>The second problem is not the NT password hash but the
>legacy lanman hash which is usually stored with the
>more secure NT hash.
>
>The lanman hash *is* trivial and brute forcible, and
>this makes the security of the NT hash irrelevant, as
>you only need to brute force the lanman one.

The details are up on www.l0pht.com under L0phtCrack.

>Jeremy Allison,
>Samba Team.
>
>-- 
>--------------------------------------------------------
>Buying an operating system without source is like buying
>a self-assembly Space Shuttle with no instructions.
>--------------------------------------------------------
>

Regards
-------
Richard Sharpe, sharpe at ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
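
An audit sketch for the two weaknesses raised in this thread, added here as an example and not part of the original message or of Samba's code: it reads a pwdump-style export and reports accounts that still have a LanMan hash stored and accounts whose NT hashes are identical. The `user:rid:LM:NT:::` layout, the function name and every sample value are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# LM value stored when no LanMan password is set (well-known constant).
EMPTY_LM = "aad3b435b51404ee" * 2
HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed sample, assumed "user:rid:LM:NT:::" layout; hash values are made up.
LM_X, NT_A, NT_B, NT_C = "1" * 16 + "2" * 16, "a" * 32, "b" * 32, "c" * 32
SAMPLE = "\n".join([
    f"alice:1001:{LM_X}:{NT_A}:::",
    f"bob:1002:{EMPTY_LM}:{NT_B}:::",
    f"carol:1003:{LM_X}:{NT_A}:::",      # same password as alice
    f"dave:1004:NO PASSWORD*********************:{NT_C}:::",
    "broken line without fields",
])


def audit(text):
    """Return accounts with a stored LM hash, groups sharing an NT hash,
    and the numbers of lines that could not be parsed."""
    lm_stored, by_nt, skipped = [], defaultdict(list), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not HEX32.fullmatch(fields[3].lower()):
            skipped.append(lineno)
            continue
        user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
        # A real 32-hex LM value other than the empty constant means the
        # legacy hash is stored next to the NT hash.
        if HEX32.fullmatch(lm) and lm != EMPTY_LM:
            lm_stored.append(user)
        # With no salt, equal NT hashes mean equal passwords.
        by_nt[nt].append(user)
    shared = sorted(sorted(users) for users in by_nt.values() if len(users) > 1)
    return {"lm_stored": lm_stored, "shared_nt": shared, "skipped": skipped}


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("LM hash still stored:", report["lm_stored"])
    print("Identical NT hashes :", report["shared_nt"])
    print("Unparsed lines      :", report["skipped"])
```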



