|
 |
On Sat, 07 Jun 2008 10:20:59 +0100, Orchid XP v8 wrote:
> Jim Henderson wrote:
>
>>> Yeah, AD works completely differently to the SAM - even down to using
>>> a different hash function IIRC. Good luck with that!
>>
>> I think it still uses MD4 for NTLM authentication (seems to me that's
>> what it was), but you can disable that and it uses something a bit more
>> advanced.
>
> I am almost 100% certain that no product before Windows 2000 actually
> uses a hash function devised by cryptographers. AFAIK, right up until
> Windows NT4, M$ were using their own custom-designed [and horribly weak]
> hash functions for passwords. The only reason Windows 2000 and later
> don't is that [finally!] they use an industry standard - Kerberos.
NetWare uses an RSA algorithm, and has for many, many years. By
extension, eDirectory does, which is used in many non-NetWare application
environments as well.
The algorithm was outlined in a Dr. Dobbs article back in the 80's, and
even then it didn't need to be changed.
eDirectory now provides a function called "Universal Password" which can
optionally be used, but the 'traditional' password can also be used in
most cases.
Oh, and it supports Kerberos and GSSAPI now as well. :-)
Jim
Post a reply to this message
|
|
